The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: New malware detects browser, shows fake malware warning page


Administrator / Manager

Status: Offline
Posts: 2499
Date:
New malware detects browser, shows fake malware warning page
Permalink   


Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before.

Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless "Safe Browsing Mode" with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied.

While the malware is a pretty good attempt, it's not perfect. The goal is to get the user to download and install something, shelling out some cash in the process, which neither of the three browser vendors would ever recommend. The Firefox warning page, meanwhile, has an obvious typo ("Get me our of here"). In addition, it's suspicious that a webpage is going out of its way to tell you it is protecting your purchase. It's also not hard to check that the supposedly detected files do not actually exist on the user's computer. All of these missteps should raise red flags immediately; having said that, we've still not before seen this level of detail and effort from the bad guys.

ARS Technica has the details HERE!



__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard