Fake browser updates deliver fake AV or exploit kit

Not that long ago, Microsoft was warning users about rogue AV peddlers using compromised websites and fake browser warnings to urge them to download an “upgrade”/”solution for malware protection”.

This kind of approach must have brought positive results for the scammers, because Symantec warns about a very similar campaign that is currently under way.

This time, not only do the fake “Reported Attack Page!” warnings offer “updates” that are actually a rogue AV by the name of “SecurityTool”, but also proceed to redirect users to a malicious website that hosts the Phoenix exploit kit in the event that the user sees through the ploy and declines to save the offered executable.

Phoenix then tries its assortment of exploits and if it manages to take advantage of a vulnerability on the victim’s system, it delivers additional malware.