Fake Firefox fix hides password-filching trojan

Scammers are sending out huge numbers of fake emails pretending to be from the Mozilla Foundation, maker of the popular multi-platform web browser Firefox.

The spam-flavoured missives, with titles along the lines of 'New Version Released', appear to have been sent from various email addresses ending in @firefox.com. They contain links to malicious executables, which ride in on what appears to be a genuine update to Firefox 5.0.1.

The trojan, identified by Sophos as Troj/PWS-BSF, is reportedly capable of stealing passwords.

Firefox automatically updates itself by default, so any email purporting to offer to do it for you is definitely a fake. Mozilla doesn't send update notices via email or any method other than the in-app notifications.

Here's the text of the spam email, which you should delete without opening. And definitely don't click on the link which, for obvious reasons, we have deleted.

Important notice