AegisLab found a malicious URL：hxxp://update-critical.com，it would detect your browser and redirect you to the fake browser updating website respectively!

We discovered there are three types of these fake browser updating websites!

AegisLab also found the similar case before：『 安全通報2013-01-03: SEO汙染,瀏覽器更新請注意!! 』，it's not a new trick!

Moreover，hackers add instructions and following steps in these fake browser updating websites!

IE：hxxp://update-critical.com → hxxp://update-critical.com/ie/ie.html → hxxp://update-critical.com/ie/IEUpdate.exe

Chrome：hxxp://update-critical.com → hxxp://update-critical.com/chrome/chrome.html → hxxp://update-critical.com/chrome/ChromeUpdate.exe

Firefox：hxxp://update-critical.com → hxxp://update-critical.com/firefox/firefox.html → hxxp://update-critical.com/firefox/FirefoxUpdate.exe

These fake browser updating websites will download the malicious files!

The detection rate in VirusTotal：24/45

AegisLab WebGuard has blocked [D]update-critical.com，we urge our customer to keep WebGuard signature up to date.

Follow