It seems the makers of the all-too-familiar-now rogue AV are now targeting the more web-saavy of users; those who use Mozilla Firefox.
Recent versions of Firefox have been taking a more proactive approach to keeping Adobe Flash secure by checking the version of Flash installed and informing users that they need to upgrade Flash to a newer version if it is outdated. Simple enough. Perhaps too simple.
Now the makers of the familiar fake Windows Security Alert con and the bogus Anti-Virus malware have begun to craft webpages that look identical to the page that appears after users have started a freshly-upgraded version of Firefox, except they now have to upgrade Adobe Flash. It doesn’t require the user to click on a download link; it tries to start a download immediately upon page load.
Naturally users will download the legitimate looking executable and run it upon completion. In all, it is a very convincing tactic with a pretty flawlessly executed plan besides the URL being not that of a Mozilla Firefox owned domain. Of course, it isn’t a newer version of Flash. It’s the good ‘ol rogue AV that has been creeping into every corner of the web by any means possible, doing all the nasty things it always does. Security vendors are already aware of the threat and rolling out definition updates to detect and thwart this attack.
More on it over at F-Secure with screenshots
