
Update79.molders.co.be - Firefox Security thing?

Chrishazle

Anyone know anything about this? I routinely use Firefox, and have Kaspersky Internet Security installed.

A pop-up window appeared saying Firefox had detected a security threat to my PC. The address at the top was http://update79.molders.co.be. I closed that, and another opened saying "Your system affected by numerous virus attacks, Mozilla firefox recommends you to install proper software to protect your computer".

I closed that, and another pop-up appeared "you have chosen to download InstallInternetProtection.579.exe, do you want to open or save" - I clicked the Cancel button!

All this time, I had Firefox minimised. When I maximised Firefox again, instead of my homepage (which I'd been on when I minimised it) I was at http://update79.molders.co.be/index...gxloMsCGnHSinH3M+Q5XwoejCNUQVZUPJXO3eKeICn0T/

which reckoned it had done a quick system scan, found 95 threats and wanted me to "Start protection"

Kaspersky says my system is clean!

What is this molders thing, and how is it getting past Kaspersky?

TIA - I'm confused!
 
What is this molders thing, and how is it getting past Kaspersky?

TIA - I'm confused!

These attacks work in various ways.

Unsophisticated ones put up a warning that your system is infected. And then some buttons to click to download software on to your system.

More subtle ones will put up an animated graphic that looks like an AV program control panel or even something that looks like Windows. Same thing. Buttons or popups with buttons to get you to click OK to download and install their software on your system.

The trick is that the software that is downloaded is an application and doesn't look like a virus. And of course you're suckered to give permission to download.

So your AV setup may not catch it at that stage and if you let it run your AV software may be disabled by it.

Matters are made worse because many people who should have limited user accounts are actually using accounts with administrator privileges. So if you give the software permission to run, it as likely as not has permission to do almost anything it wants. Because that's the default setup on the first account when people set up their computer for the first time (doh!) and they type in their own name (double Doh!). Most people click away the UAC messages that Microsoft introduced with Vista to try and stop this sort of thing happening.
 
As a general rule, when these fake virus scams appear you shouldn't click on anything. Just because the button says 'Cancel' it doesn't mean that's what it will do. Instead use CTRL+ALT+DEL and close it using the task manager.

To get rid of it, Malwarebytes usually comes up trumps.
 
