Daily Archives: September 6, 2010

Fake Malware Alerts Are Getting Better

It is a known fact that malware creators often appeal to users directly, trying to lure them into an action that aids infection of the target computer. In computer security this is called social engineering. The user is presented with a scenario that looks legitimate and is then asked to click on something or install something in order to continue, avoid damage, correct what’s wrong, etc. All fake/rogue antivirus programs use this technique, trying to make the user install the rogue software or pay for the full version, lest an apocalypse of infections go unhandled on the user’s computer. This subject has been covered before. But over time the techniques are getting better, and that deserves its own article.

One of the newest styles involves your web browser. Internet Explorer, Firefox, Google Chrome: they’re all potentially affected. Here’s how it works: a specific virus (called MSIL/Zeven) auto-detects which browser you’re using, then presents you with the “infected website” or “phishing website” alert, giving you an option to install an update to handle it. The update is, of course, a fake antivirus. The problem is that the alert looks very legitimate (except maybe the Firefox one, which has a typo, “get me our of here”). If the user opts to install the fake antivirus, the landing page looks A LOT like the Microsoft Security Essentials website. Even a trained eye can be fooled. This social engineering technique is new in that it relies on the user’s trust in the web browser they use every day. The telltale sign, however, is that no browser would ever prompt you to install antivirus software.

So it behooves you to double-check and be more alert when a computer prompts you for action. If you have doubts about this, ask an expert.