Fake Firefox Email Bundled with Password Stealing Trojan

Scammers use the email communication to send out the latest Firefox update package which is attached with a password stealing Trojan. The email subject on this update is named New version released and the sender is somewhat from a user which has the email domain of ‘firefox.com’. If you are a regular user of this browser, you will know that since when they even bother to send you any email on the browser update? It could been easier if they just notify you from your browser that there is a new update and ask you patch from there. Hence if you have encountered any email as below, please do not click on any of the links.

The Fake Firefox Email Content

Subject: New version released


Important notice

A Firefox software update is a quick download of small amounts of new code to your existing Firefox browser. These small patches can contain security fixes or other little changes to the browser to ensure that you are using the best version of Firefox available. Firefox is constantly evolving as our community finds ways to make it better, and as we adjust to the latest security threats. Keeping your Firefox up-to-date is the best way to make sure that you are using the smartest, fastest and . most importantly . safest version of Firefox available. A Firefox update will not make any changes to your bookmarks, saved passwords or other settings. However, there is a possibility that some of your Add-ons won.t be immediately compatible with new updates.

For security reasons please update your firefox version now


emailWhat’s the Firefox Trojan?

The password stealing Trojan is known as Troj/Mdrop-DPO by Naked Security recently. However, it was previously found by them as Troj/PWS-BSF. It doesn’t really matter what name you want to call the Trojan. Because towards the end, the lesson here is that URL from email should not be 100% trusted. Even if you think the person has the email domain of a legitimate one, but that can easily be faked out. The proper way to update your web browser is to run an update using the web browser itself. Alternatively, you can also go to the official site and download the latest version. Clicking directly from the email address do gives we all a good convenience, but we we know that convenience and security don’t really work very well together. Final reminder to fellow readers, try not  to click any link at all from your email address.

Join the IT Security Column Facebook page now and get the latest news on all the IT security stuff apart from the Firefox Trojan scam.

Build Your Own Security
Subscribe to my newsletter and get a copy of my eBook for free.
We hate spam just as much as you

Related posts:

  1. Pwn2Own: Safari & IE8 Hacked, Firefox & Chrome Stand Strong
  2. McDonalds Malware Bundled With the Free Breakfast
  3. Tatanga, Trojan That Robs Bank Account
About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.

Speak Your Mind


CommentLuv badge

This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3)