Home Malware Programs Browser Hijackers ‘Internet_ExplorerPatch.hta’ Pop-Ups

‘Internet_ExplorerPatch.hta’ Pop-Ups

Posted: December 18, 2015

The 'Internet_ExplorerPatch.hta' pop-ups are attacks that may install threatening or unwanted software by portraying their products as being browser security updates. Although the 'Internet_ExplorerPatch.hta' pop-ups could trigger via already-present threats on your PC, malware researchers have connected recent reappearances, especially with compromised Web advertisements. Protection from the 'Internet_ExplorerPatch.hta' pop-ups can include blocking advertisement content, resetting your Web-browsing settings and, if need be, using PC security products to scan for any threats that could install themselves through an embedded script.

Downloading a Browser Patch Full of Trouble

The irony of con artists using PC security patches for threat distribution isn't a new trend, but the holiday season does bring with it renewed activity from some threat authors and con artists. The 'Internet_ExplorerPatch.hta' pop-ups are evidence of the latest in such attacks, where Web surfers are asked to infect their computers for the sake of a 'patch' while suffering through warnings of network vulnerabilities. Some evidence also has surfaced of similar campaigns running concurrently for browsers other than Internet Explorer, such as Firefox.

Web surfers can see the 'Internet_ExplorerPatch.hta' pop-ups most often circulating on compromised advertising networks for social networking sites likes Facebook. Embedded scripts may prevent the Web surfer from closing the 'Internet_ExplorerPatch.hta' pop-ups, which include build release dates, IP addresses and other, pseudo-technical jargon meant to make the download look legitimate. Meanwhile, any interaction with the content of the 'Internet_ExplorerPatch.hta' pop-ups (even to click them closed) may risk triggering the included download, which may install threats or simply unwanted software, such as adware.

The Web domains used by the 'Internet_ExplorerPatch.hta' pop-ups make limited efforts at disguising themselves as affiliates of Microsoft. The use of disposable threat sites like the Chinese-registered iebahomaniyat.com domain could indicate that its administrators have no intentions of holding them for long-term, sustained illicit operations.

Samples of this campaign's payloads are still under review, although malware researchers have found that similar tactics are common for high-level threats, including spyware, worms and backdoor Trojans.

Exploring a Safe Space from the Latest Threat Downloaders

Any PC owner aware of Microsoft's standard update methodology should be able to identify the corrupted 'Internet_ExplorerPatch.hta' pop-ups on sight. Legitimate Microsoft updates always use the Windows Update service, don't use third-party sites like iebahomaniyat.com, and never deliver themselves through Web browser pop-ups. As a rule, you also can assume that 'updates' downloads accompanied by unusual security warnings, such as numerical percentages for your vulnerability to threat injections, are attacks against your PC.

Responsible and cautious use of standard browser security features and add-ons can keep your browser from loading the 'Internet_ExplorerPatch.hta' pop-ups originally. You can close a browser that's already loading the 'Internet_ExplorerPatch.hta' pop-ups or equivalent attacks by using the Alt F4 keyboard combination. After doing so, malware researchers heavily advise scanning your PC with anti-malware tools and resetting your browser's cache. These precautions can prevent the 'Internet_ExplorerPatch.hta' pop-ups from installing threats automatically or causing new side effects for your browser.

Loading...