Spammers and scammers have been targeting email users with clever social engineering. This time they are up with fake Firefox update email which contains password stealing trojan. According to security researchers at Sophos, the email claims to be an advisory related to an update of the browser. The fake advisory asks users to update their Firefox installations for security reasons and includes a download link to the supposed update.
The download leads to an executable file that bundles an installer for the Windows version of Firefox 5.0.1 and a password-stealing trojan (Troj/PWS-BSF). Users should always exercise caution when clicking on links in emails. Spammers use social engineering cleverly. Users need to be aware as Firefox always releases advisory and details of bug on the website rather than sending emails. Always check the site for latest update and download latest version from the official site only. Be secure and stay safe !