Scareware Scam Mimics Firefox and Chrome Malicious Attack Warnings

If you use Firefox or Chrome, then you have undoubtedly seen the red and white “malicious site” warnings that are built into those browsers to block infected sites.
Yes, cyberthugs are at it again and have a new sneaky scareware scam. Sadly, unsuspecting surfers will download the rogue antivirus.

Mikko Hypponen, a researcher at F-Secure, blogged that the attack page warnings appear nearly authentic. On Firefox, the warning alert states, “Reported Attack Page!” On Chrome, the warning reads, “Visiting this site may harm your computer!” However, these scam warnings will include an option to download updates. On Chrome, it states, “Please download and install Google Chrome secure updates!” On Firefox, it simply adds “Download Updates.”

The “Security Tool” is a rogue anti-virus. Firefox will give an option to click “OK” to save the supposed Mozilla security updates. If you have scripts enabled, you don’t even need to click on “Download” or “Save.” Instead the drive-by download will try to install. Even if you click “Cancel,” a new dialogue box will pop up that states, “Please download and install Firefox secure updates!”

You may know better, but there will be many people who will be duped. Please warn your family or friends who are technically challenged…Save yourself some grief because if they get infected with malware, will they automatically assume that you will be their free 24/7 tech support?

The warning on top is a legit Firefox warning. The bottom Firefox “Reported Attack Site” was captured by F-Secure in this new scareware scam.

If the malware is downloaded and a user’s PC is infected with the fake antivirus scanner, it will hijack the user’s computer. Scareware tends to continually warn about viruses and demand payment to have the scareware removed.

Hypponen points out, “The ironic thing is, the page contains the clause “Some attack pages intentionally distribute harmful software”. It might as well have added… “Which you can get by clicking on the button below.”

A real Firefox malware block page will not offer a choice to download any updates. Your choices are either “Get me out of here!” or “Why was this page blocked?”

Scareware thugs attempt to make their deceptive site look as authentic as possible, although there are plenty with hideous English or spelling, and these scareware exploits usually target Windows. Some scareware incorporates ransomware that blocks Internet access until the user pays up, or encrypts files and then demands payment to decrypt them. Even though cybercriminals are always trying to find new tactics to fool users, all scareware is based in a fearmongering strategy. There are blackhat SEO campaigns that hijack keywords, malvertising which pushes malicious advertising on legitimate and popular sites, and also scareware scams that appear to be scanning in real-time for security threats before showing some fake infection stats. Another scareware tactics is to fill the screen with comparative charts, showing how terrific the fake product is compared to top software offered by other security firms.
Heck, sometimes legitimate software firms are accused of slinging scareware messages.

Security vendor ‘GFI Software’ (previously known as Sunbelt Labs) listed the Top 10 malware threats in September. Scareware was the 7th and 9th most widespread malware attack types, so tricking users to download fake antivirus programs seems to be working for cybercrooks.

In July, the FBI tried to warn users not to be scared of scareware. In August, Symantec warned “scareware haunts airport Internet terminals.” Scareware is everywhere and it is sickening how common and sadly effective this scam is. The FBI says, “If you think you’ve been victimized by scareware: File a complaint with the FBI’s Internet Crime Complaint Center.”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s