Bizarre Firefox update scam offers AV to go with it

A fascinating mishmash of scammy offers is currently being pushed onto Russian-speaking users on chatrooms, forums and security lists.

It all starts with a link that takes potential victims to a site where they can purportedly get an update for a series of browsers (IE, Firefox and Opera) and Adobe Flash Player. All they have to do is send an SMS to a predefined number, which will cost them some 170r, (about $5.60), and they can download the update.

Needless to say, experienced users have realized this is a scam as soon as they were asked to pay for an update that they know comes always free of charge. But, as GFI Labs’ Christopher Boyd says, “I guess it works because otherwise they wouldn’t bother putting these sites together.”

Various domains host these sites (ffup(dot)ru, operaupdates(dot)info, fastupp(dot)info), but that located on the last one proves to be particularly bizarre since it “offers” various versions of Firefox 4 – one of which is supposedly bundled with an “AV update”:

A fake computer scan also starts, and when it ends, another page that reiterates the need for the victims to send an SMS to the given numbers in order to receive the code to activate the update pops up.