09/21/2009

Fake Firefox security warning leads to scareware

Fake Firefox security warning leads to scareware Vulnerabilities

Scareware is becoming more and more popular among cyber crooks, and is a very profitable business. The current scheme is particularly furtive, because it imitates Firefox's security warnings.

 


Screenshot 1: Firefox-look-alike warning

 

 

The fraudscheme is launched by a Trojan (we detect it as Trojan.FakeAlert.BFW) that has been executed on the system (be it by the user or by a backdoor). The malware is redirecting all traffic to the sites that display the Firefox-look-alike warning message. It warns that the website probably contains "malicious software". The user is to make a decision by clicking a button. If they don't want to "Continue Unprotected", they are routed to a website that offers a "Security software" named "Personal Antivirus". 

 


Screenshot 2: Scareware im Angebot

 

 

What you get in the best case, is a useless piece of code. This one informs the user that the PC is infected with malware. Buying the software stops the nagging but might include downloaders for additional malware. Payment is possible by credit card only. It wouldn't come as a surprise, if the data entered there would be traded in the underground market and used in other fraudulent activities.


Share Article