Original URL: http://www.theregister.co.uk/2010/09/06/scareware_fakes_browsers_warnings/

Browser security warning lookalike pushes malware

Zeven deadly sins

By John Leyden

Posted in Security, 6th September 2010 10:42 GMT

Scareware peddlers have developed a new ruse that relies on mimicking browser warning pages.

The malicious code - dubbed Zeven - auto-detects a user's browser before serving up a warning page that poses as the genuine pages generated by IE, Firefox or Chrome. Prospective marks are warned that their systems are riddled with malware to trick them into running a fake anti-virus software package, called Win7 AV. The warnings are generated from malicious scripts planted on compromised websites.

The social engineering scam hinges on the fact a user is more likely to trust a warning and security recommendation ostensibly generated from their browser software than a random "your security is at risk" pop-up. The Win 7 AV scareware package at the centre of the scam is served from a site designed to look like the genuine Microsoft Security Essentials website, right down to a link to Microsoft Malware Protection Centre and a graphic illustrating awards bestowed upon of Redmond's freebie security scanner tool.

A Microsoft blog post - featuring screenshots that illustrate how the malware attempts to trick marks into buying worthless insecurity software - explains the threat in greater depth here. ®