Endpoint Protection

  • 1.  Firefox specific exploit popped up today, no solutions yet

    Posted Oct 19, 2010 03:12 PM

    Hi,

    Sorry, first time and not sure if this is the right forum/thing to do. This has happened on my work computer and I am more than a little nervous about it.

    Browsed to a site that Firefox identified as a reported attack page. Dialog box popped up and said to "Download secure updates for firefox", so I did and thought nothing of it as it came up after Mozilla blocked the page, until I saw the file origin (antimalware-updates.is dot com/firefox-updates/ff_secure_upd.exe) and thought it was suspicious. I deleted the .exe file without running it and ran a full scan which only found 1 malware cookie *@at.atwola.com.

    Checked Google for something about it and found that it is on the Mozilla support forum as of today (Oct. 19) and 13 people have reported it today, so it looks like this is just coming up and I want Norton to be aware of it... so I don't get fired for leaking.

     

    Cheers



  • 2.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 19, 2010 03:16 PM

    Thanks for the heads up... but things like these can be protected in only 2 ways:

    User Awareness: Do not open/download from unknown websites.

    Hardening: Hardening your machines with strict firewall, Application Control rules.



  • 3.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 19, 2010 03:53 PM

    I edited your link so our users do not click on it by mistake. In the future, please don't put the full URL to malicious sites in the forum.

    Norton Safe Web shows that site as a security risk.

    http://safeweb.norton.com/report/show?url=antimalware-updates.is.com

    You might consider adding our Norton Safe Web Lite add-on to your browser(s). Norton Safe Web Lite provides a safer search experience by warning you of dangerous Web sites right in your search results, so you can search, browse, and shop online without worry.

     

    http://safeweb.norton.com/lite

     

    Thanks,

    Thomas



  • 4.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 19, 2010 09:33 PM

    File submitted to Symantec

    Only 6/43 from VirusTotal

    http://www.virustotal.com/file-scan/report.html?id=cd0612566db66dc424b86abc7afaebe40a3c9e49e54e0f2b57be4ac1215af15b-1287537539

    This particular file appears to be the always exciting FakeAV, called Security Tool. Installed via drive-by download.



  • 5.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 20, 2010 09:34 AM

    Thanks guys, this is some good information.



  • 6.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 20, 2010 12:03 PM

    Good news:

     

    File1: ff_secure_upd.exe (958464 bytes)
    MD5: 497374870EB0D3D1556F5988B3C7ABDA
    SHA-1: 51103BC049B5E90008E608D39BAF64D7AFC2C834
    SHA-256: CD0612566DB66DC424B86ABC7AFAEBE40A3C9E49E54E0F2B57BE4AC1215AF15B
    Machine: Machine
    Determination: Detected
    Determination Detail: This file will be detected as 'SecurityToolFraud, ' with a forthcoming Rapid Release definition set. Protection will be available in Rapid Release definitions with a sequence number of 116308 or greater.
    Signature Protection Name: SecurityToolFraud


  • 7.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 21, 2010 07:47 AM

    We had an infected PC with the FakeAV trojan (generic). I'm thinking it was related to a drive-by install from seeksearchsite<dot>com. Just thought I'd throw that out there for people to be aware.

     



  • 8.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 21, 2010 07:50 AM

    Drive-by malware is the latest craze and only going to get worse.

    Take a look at BLADE:

    http://www.blade-defender.org/



  • 9.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 21, 2010 10:46 AM

    Nice, thanks!



  • 10.  RE: Firefox specific exploit popped up today, no solutions yet

    Posted Oct 21, 2010 11:08 AM

    More social engineering/trickery, I believe.  Security Response did a blog entry on this recently (4 Oct).

    Misleading Apps Push Browser Security Update Trick
    https://www-secure.symantec.com/connect/blogs/misleading-apps-push-browser-security-update-trick

    sandra