New malware detects your browser and shows fake malware warning page

Posted on Saturday, September 04 2010 @ 10:34 CEST by Thomas De Maesschalck
ARS Technica reports malware makers have gotten more creative to separate you from your hard-earned cash. One of the latest threats is MSIL/Zeven, a piece of malware that auto-detects which browser you're using to imitate a legit-looking malware warning page from Internet Explorer, Firefox, or Chrome, in order to lure you to a page that sells a fake anti-malware solution.
Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless "Safe Browsing Mode" with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied.

While the malware is a pretty good attempt, it's not perfect. The goal is to get the user to download and install something, shelling out some cash in the process, which neither of the three browser vendors would ever recommend.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments