Scareware posing as a Firefox update has been developed by cyber criminals.

This tactic marks a change in approach from the usual for this kind of scam. Typically surfers are lured to malicious sites via search engine manipulation. Fake scans then ensue on their systems, reporting it as riddled with viruses. Marks are then conned into buying AV that is more than useless and often left with annoying alerts popping up constantly.

The scam uses Firefox?s ?just updated? page that is display after an update is completed. The fake page tells users that they need a flash update. When he users go to download the update they receive a malicious payload instead. The attack launches once a user visits the fake site, which is not associated with Firefox.

F-secure has a full write up on the attack on it?s site.

On a related tip, McAfee have warned of a fake trial version of it VirusScan software. which is actually a Trojan in disguise. New variants of the Bredolab Trojan were attached to spam emails.