Fake Firefox Update Spreads Spyware

The successor program to the notorious Zango spyware toolbar is being used to target users of Mozilla's Firefox with fake browser updates, a security comp

any has alleged.

According to a warning put out by eSoft, the reprised Hotbar app, run as of May last year by a new entity called Pinball Corp, is being fed to users via a fake but convincing Firefox update page. The update page - which users would come to through a search engine for the latest updates - looks identical to the genuine page in everything bar the version it is claiming to offer (3.5 where the most recent is 3.6) and some misspelling.

Windows users fooled into downloading and installing from the fake page will actually be getting a toolbar app that also hits the user with pop-up ads and a weather application in the system tray.

According to eSoft, the software is actually being fed without the direct knowledge of its creators, Pinball, which will likely be p

Artwork: Chip Taylor
aying a third party affiliate for every install. As with the distribution of the original Zango Toolbar, how that install gets on to a user's PC is not their business.

Zango disappeared last April after several years in which it was accused of sneaking spyware on to users' PC without their consent, invariably by paying third parties to do the dirty work. In 2006, it was fined $3 million by the US Federal Trade Commission (FTC) for its actions.

It should be pointed out that what is at fault here is not the new toolbar app per se, but the way it is being distributed by a separate entity and installed under false pretences. As ever, an application becomes legitimate if the user consents to its installation having had the proposition explained in an accurate way, but that is certainly not happening in this instance.

The genuine install site for Firefox updates can be found here.

Subscribe to the Security Watch Newsletter

Comments