From the Symantec Security Response Blog:
In the first week of 2014, we came across a website using tried and tested social engineering techniques to coerce victims into installing malware. The domain http://newyear[REMOVED]fix.com, was registered on December 30, 2013. Based on our research, 94 percent of attacks appear to be targeting users based in the United Kingdom through advertising networks and free movie streaming and media sites.
The attackers attempt to trick victims using the following techniques:
• A URL containing the words "new year" and "fix"
• A professional looking template (from Google, Microsoft or Mozilla) telling the victim that a critical update is necessary for their system to function properly
• Redirecting the user, based on their browser type, to a fake but convincing Chrome, Firefox, or Internet Explorer Web page.
• Using a JavaScript loop to force the victim to give up and stay on site - users have to click on the "Yes/No" option 100 times in order to close the browser.
This particular social engineering attack is not novel, and plays on victims' fear of needing to install urgent updates. Since the domain was registered only last week, it appears the attacker thought of this scheme at the very last minute, as the holiday season starts winding down.
Continued : http://www.symantec.com/connect/blogs/fake-browser-update-site-installs-malware
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Alert
Fake Browser Update Site Installs Malware
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic