Scareware peddlers have developed a new ruse that relies on mimicking browser warning pages. The malicious code - dubbed Zeven - auto-detects a user's browser before serving up a warning page that poses as the genuine pages generated by IE, Firefox or Chrome. Prospective marks are warned that their systems are riddled with …
Even with the spelling mistakes those pages are pretty convincing.
They've clearly learned that people trust a calm green/blue/white coloured website, compared to the cluttered bright red ones they used to use to scare you into believing you need their AV.
With how stupid some people are with computers, this will net the fraudsters millions
Paris, because she's exactly the kind of smart person they will target ;-]
So you didn't actually look at the screenshots then?
Because if you did you'd have seen that they initially spoof the browser 'This website has been reported as hosting malicious content' screens. Which are all red. It then redirects you to the download site to get the 'security update'.
Go back to the drawing board
I'm talking about the site you buy the fake antivirus product from.
Try actually reading
And yes i did look at the pictures, you should have another look at all of them because you clearly missed half
Nothing to see here.
I was slightly concerned, until I read this bit:
"...a site designed to look like the genuine Microsoft Security Essentials website..."
So, it's Microsoft only. Don't we get news of a new MS vulnerability at least once a week? (even if it is more like old-fashioned trickery this time)
Read it again
It's not a MS vulnerability, it's a browser vulnerability.
So you will have this problem if you use Firefox or Chrome on a Mac
Didn't you read the article?
Its usually the grammar that gives it away
Phrases such as "Warning: Visit this site may harm your computer", instead of "Visiting..." or "...based on your security preference" instead of "...based on your security preferences", usually give it away I find.
Then again your joe average user just clicks away without reading the warnings.. ."I just saw the icon man, and thought it was ok...."
Reverse DNS is usefull here.
I always use reverse DNS, and many other security tools, here but most people wouldn't even know why to use such a tool let alone the right context. Nice job on their part. A bit more polish and I'd bet they could snag even most of the top 1% of professionals.
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
- Human spacecraft dodge COMET CHUNKS pelting off Mars