Scareware peddlers have developed a new ruse that relies on mimicking browser warning pages. The malicious code - dubbed Zeven - auto-detects a user's browser before serving up a warning page that poses as the genuine pages generated by IE, Firefox or Chrome. Prospective marks are warned that their systems are riddled with …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 6th September 2010 13:43 GMT Tigra 07

Rednecks?

Even with the spelling mistakes those pages are pretty convincing.

They've clearly learned that people trust a calm green/blue/white coloured website, compared to the cluttered bright red ones they used to use to scare you into believing you need their AV.

With how stupid some people are with computers, this will net the fraudsters millions

Paris, because she's exactly the kind of smart person they will target ;-]

0 0
1. Monday 6th September 2010 15:00 GMT Oliver Mayes
  
  So you didn't actually look at the screenshots then?
  
  Because if you did you'd have seen that they initially spoof the browser 'This website has been reported as hosting malicious content' screens. Which are all red. It then redirects you to the download site to get the 'security update'.
  
  0 1
  1. Tuesday 7th September 2010 08:19 GMT Tigra 07
    
    Go back to the drawing board
    
    I'm talking about the site you buy the fake antivirus product from.
    
    Try actually reading
    
    And yes i did look at the pictures, you should have another look at all of them because you clearly missed half
    
    0 1
Monday 6th September 2010 14:30 GMT Anonymous Coward

Nothing to see here.

I was slightly concerned, until I read this bit:

"...a site designed to look like the genuine Microsoft Security Essentials website..."

So, it's Microsoft only. Don't we get news of a new MS vulnerability at least once a week? (even if it is more like old-fashioned trickery this time)

1 1
1. Tuesday 7th September 2010 08:20 GMT Tigra 07
  
  Read it again
  
  It's not a MS vulnerability, it's a browser vulnerability.
  
  So you will have this problem if you use Firefox or Chrome on a Mac
  
  Didn't you read the article?
  
  2 0
Tuesday 7th September 2010 10:09 GMT bytesoup

Its usually the grammar that gives it away

Phrases such as "Warning: Visit this site may harm your computer", instead of "Visiting..." or "...based on your security preference" instead of "...based on your security preferences", usually give it away I find.

Then again your joe average user just clicks away without reading the warnings.. ."I just saw the icon man, and thought it was ok...."

0 0
Thursday 9th September 2010 08:43 GMT Anonymous Coward

Reverse DNS is usefull here.

I always use reverse DNS, and many other security tools, here but most people wouldn't even know why to use such a tool let alone the right context. Nice job on their part. A bit more polish and I'd bet they could snag even most of the top 1% of professionals.

0 0