Posts Tagged ‘Spamdexing’

Fake anti-virus cloaks itself to appear to be Microsoft Update

Published by pratyushkp on June 9th, 2011 - in Social, Technology

Original post on Sophos. Author – Chester Wisniewski

We are seeing the criminals behind fake anti-virus continuing to customize their social engineering attacks to be more believable to users and presumably more successful.

Last week I wrote about fake Firefox malware warnings leading users to rogue security software. This week they’ve started to imitate Microsoft Update.

The page is nearly an exact replica of the real Microsoft Update page with one major exception… It only comes up when surfing from Firefox on Windows. The real Microsoft Update requires Internet Explorer.

The same site was also hosting the traditional Windows XP explorer scanner we have seen for years, as well as a new Windows 7 scanner.

Similar to spam messages that have corrected their grammar and use correct imagery and CSS, the attackers selling fake anti-virus are getting more professional.

They use high quality graphics and are using information from our UserAgent strings that are sent by the browser to customize your malware experience.

Just like visiting your bank you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software.

  • Blackhat SEO and Fake anti-virus – Like chocolate and peanut butter (
  • More Mac malware – top tips for avoiding infection (
  • Microsoft Updates Bing Mobile (
  • Saving Your Computer from Attack! (
  • New Microsoft Safety Scanner tool cleans over 20,000 machines in a week (
  • How do I protect my PC while surfing the net? (

Fake Firefox warnings lead to scareware

Published by pratyushkp on May 31st, 2011 - in Social, Technology

Image via CrunchBase

Purveyors of fake security software don’t let much grass grow under their feet and continually make improvements to their social engineering lures.

While most of the talk for the past month has been their move to Mac with fake Finder pop-ups that appear to scan your computer, they haven’t stopped innovating on Windows either.

Their latest scam? They detect your user-agent string from your web browser and display a fake Firefox security alert if you are using the Mozilla Firefox web browser.

Internet Explorer users get the standard “My Computer” dialog that appears to do a system scan inside their browser window.

Taking advantage of detailed information about the person’s computer and software allows for a much more specific, believable social engineering attempt.

We are likely to continue to see these criminals targeting each operating system, browser and any other details that can be gleaned from HTTP requests sent from our devices.

If you click the “Start Protection” button you will download the latest, greatest fake anti-virus program which will perform exactly the way you would expect a fake anti-virus program it to.

It will faithfully detect fake viruses on your computer until you register it for $80 or more.

If you are a Firefox user and see a warning about viruses on your computer, you will know it is fake. Firefox does not include a virus scanner inside of it and it will only warn you about visiting malicious pages.

If you get a warning about a dangerous website from Firefox you can always play it safe… Close the browser.

Source :-

  • Fake Firefox warnings lead to scareware (
  • Everything You Need to Know About Mac Scareware (
  • Blackhat SEO and Fake anti-virus – Like chocolate and peanut butter (
  • SCAREWARE FOR MACINTOSHES: The fact that Mac users have fallen victim to “scareware” scams – the… (
  • New Mac fake-defenders similar to Windows scareware (
  • Apple admits scareware problem, at last (
  • Newest Mac Defender scareware installs without a password (
  • Protect yourself from the fake anti-virus’ and Java exploits (
  • G Data CloudSecurity, Web Browser Protection Plugin (
© Social Media Blog