The Register® — Biting the hand that feeds IT

Feeds

Browser security warning lookalike pushes malware

Scareware peddlers have developed a new ruse that relies on mimicking browser warning pages. The malicious code - dubbed Zeven - auto-detects a user's browser before serving up a warning page that poses as the genuine pages generated by IE, Firefox or Chrome. Prospective marks are warned that their systems are riddled with …

This topic is closed for new posts.
Tigra 07
Paris Hilton

Rednecks?

Even with the spelling mistakes those pages are pretty convincing.

They've clearly learned that people trust a calm green/blue/white coloured website, compared to the cluttered bright red ones they used to use to scare you into believing you need their AV.

With how stupid some people are with computers, this will net the fraudsters millions

Paris, because she's exactly the kind of smart person they will target ;-]

Oliver Mayes
Reply Icon

So you didn't actually look at the screenshots then?

Because if you did you'd have seen that they initially spoof the browser 'This website has been reported as hosting malicious content' screens. Which are all red. It then redirects you to the download site to get the 'security update'.

Tigra 07
FAIL
Reply Icon

Go back to the drawing board

I'm talking about the site you buy the fake antivirus product from.

Try actually reading

And yes i did look at the pictures, you should have another look at all of them because you clearly missed half

Anonymous Coward
Anonymous Coward

Nothing to see here.

I was slightly concerned, until I read this bit:

"...a site designed to look like the genuine Microsoft Security Essentials website..."

So, it's Microsoft only. Don't we get news of a new MS vulnerability at least once a week? (even if it is more like old-fashioned trickery this time)

Tigra 07
FAIL
Reply Icon

Read it again

It's not a MS vulnerability, it's a browser vulnerability.

So you will have this problem if you use Firefox or Chrome on a Mac

Didn't you read the article?

bytesoup
Linux

Its usually the grammar that gives it away

Phrases such as "Warning: Visit this site may harm your computer", instead of "Visiting..." or "...based on your security preference" instead of "...based on your security preferences", usually give it away I find.

Then again your joe average user just clicks away without reading the warnings.. ."I just saw the icon man, and thought it was ok...."

jackofshadows

Reverse DNS is usefull here.

I always use reverse DNS, and many other security tools, here but most people wouldn't even know why to use such a tool let alone the right context. Nice job on their part. A bit more polish and I'd bet they could snag even most of the top 1% of professionals.

This topic is closed for new posts.