Rewterz Threat Alert – Variant of Adwind RAT Targets Petroleum Sector
November 11, 2019
Rewterz Threat Alert – Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit
November 12, 2019
Severity
Medium
Analysis Summary
A bug in Firefox can be triggered by sending a large number of authorization confirmation prompts to the browser. According to BleepingComputer, this causes the visible page, in this case the scammer’s tech support page, to refuse to close. The victim’s only real choice (other than calling the scammers) is to use the Task Manager to terminate Firefox. The threat message on the scammers’ page claims that the victim’s version of Windows is pirated and has been locked, and that the system has been hacked and is spreading viruses over the Internet. The page also claims that the system has been blocked for the victim’s safety. The report stated that Chrome has been affected similarly in the past. One possible way to reach such a page is by following a fake ad link (the article suggested a fake eBay ad).
Impact
Browser lock
Affected Vendors
Mozilla
Affected Products
Mozilla Firefox
Indicators of Compromise
URL
http[:]//d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index[.]html
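An added example, not part of the original alert: a Python check over web proxy logs that flags clients that requested the URL above or received a burst of HTTP 401 responses from a single host. The log format, the use of status 401 as the signal for repeated authorization prompts, the window and threshold values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# IoC exactly as published in this alert (defanged).
DEFANGED_IOC = "http[:]//d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index[.]html"

def refang(value):
    """Turn a defanged indicator back into a matchable string."""
    return value.replace("[.]", ".").replace("[:]", ":")

IOC_URL = refang(DEFANGED_IOC)

# Assumed proxy log format: "<epoch_seconds> <client_ip> <http_status> <url>"
LINE = re.compile(r"^(\d+) (\S+) (\d{3}) (\S+)$")

def scan(lines, window=10, threshold=20):
    """Return (clients that requested the IoC URL,
    (client, host) pairs with >= threshold 401s inside `window` seconds)."""
    ioc_clients = set()
    auth_times = defaultdict(list)  # (client, host) -> timestamps of 401 responses
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, status, url = int(m[1]), m[2], m[3], m[4]
        if url.lower().startswith(IOC_URL):
            ioc_clients.add(client)
        if status == "401":  # assumption: each prompt follows a 401 response
            auth_times[(client, urlsplit(url).hostname or "")].append(ts)
    bursts = []
    for key, stamps in auth_times.items():
        stamps.sort()
        lo = 0
        for hi, ts in enumerate(stamps):
            while ts - stamps[lo] > window:  # slide the window start forward
                lo += 1
            if hi - lo + 1 >= threshold:
                bursts.append(key)
                break
    return sorted(ioc_clients), sorted(bursts)

# Constructed sample: 25 prompts in 5 seconds from the IoC host, plus benign traffic.
SAMPLE = [f"{1573500000 + i // 5} 192.0.2.10 401 {IOC_URL}" for i in range(25)] + [
    "1573500000 192.0.2.11 401 http://intranet.example/login",
    "1573500030 192.0.2.11 401 http://intranet.example/login",
    "1573500100 192.0.2.12 200 http://example.com/",
]
```

Status codes for HTTPS destinations are only visible to a proxy that inspects TLS; without that, only the IoC host match applies.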
Remediation
Use Windows Task Manager to terminate the process associated with your browser.