Slashdot Mirror


New Malware Imitates Browser Warning Pages

Jake writes with this excerpt from Ars: "Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before. Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless 'Safe Browsing Mode' with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied."

14 of 143 comments

  1. Themes by characterZer0 · · Score: 5, Insightful

    All the more reason to theme your window manager - it makes this stuff obvious.

    --
    Go green: turn off your refrigerator.
    1. Re:Themes by qoncept · · Score: 5, Funny

      So now we're up to, what, 1 legitimate reasons?

      --
      Whale
    2. Re:Themes by bheer · · Score: 3, Interesting

      I don't understand; how does theming your window manager help against this? I'm assuming the malware bit is *inside* the Google Chrome window, so even if you themed your windows with say a Pikachu theme, the *insides* of the Chrome window would still contain the rogue site, imitating Chrome's red and white-colored malware block UI.

      The only way out of this is if crucial error pages are protected with some sort of "sign-in seal", like Yahoo uses for its login screens.

  2. Why is this new? by HockeyPuck · · Score: 3, Insightful

    There's plenty of rogue/fake AntiVirus programs out there. Is the new part that they imitate your browser rather than looking like a real anti virus program?

  3. Possible solution by OnePumpChump · · Score: 3, Interesting

    The first time the browser is used, create a security image like bank websites use. Store that image or the word used to generate it someplace where the malware will presumably not be able to access it.

  4. The new part of this by querist · · Score: 5, Informative

    One part is old - imitating the web browser error page, specifically the IE error page. I've had many a chuckle when running Galleon or some other Linux browser and seeing it pop up a well-imitated IE error page. The new part on this one is that they're checking which browser it is and making sure the error page matches the browser.

  5. But that web site was SECURE! by Junior J. Junior III · · Score: 4, Funny

    The .gif image of a shield SAID SO!

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  6. Your Post is at Virus Risk!1! Scan? by ackthpt · · Score: 3, Funny

    The biggest security hole is Microsoft's version of the javascript interpreter. They should collaborate with Google and adopt the rewrite for Chrome, it would solve half the problems right there.

    BTW, I found a virius in yor post - clikc this link to free triel of PostScan 2010!

    --

    A feeling of having made the same mistake before: Deja Foobar
  7. IE 9 won't share WSH's JS interpreter by tepples · · Score: 3, Interesting

    The biggest security hole is Microsoft's version of the javascript interpreter.

    IE 9 will not use Windows Script Host's JavaScript interpreter. I predict that this change will make it easier for Microsoft to maintain the integrity of the sandbox.

  8. Re:Bit of Advice by LocalH · · Score: 3, Funny

    Corrction: malgod@malgod.org

    Correction: "Correction"

    You owe me $10,000, as I'm charging my standard rates for proofreading for proofreaders.

    --
    FC Closer
  9. Re:Not new... by Anonymous Coward · · Score: 4, Funny

    How could you even think of browsing the internet without Internet Explorer 8 on Microsoft Windows 7? Do you realize that using knock-off "operating systems" and programs like Foxfire and Chrum and Oprah is intellectual property theft? Why do you think you fools are getting viruses? It's not cool. You're not slick and getting one over on "the man". It's fucking bullshit. Microsoft Internet Explorer 8 was designed and engineered to exacting standards to mesh flawlessly with the intricate security in Microsoft Windows 7. Your knock-off crap is not. Why do you freetards insist on removing your noses to spite your faces? Do you just tire of smelling your own bullshit? Microsoft Windows 7 and Microsoft Internet Explorer 8 are superior to this freetard shit in every possible way. Microsoft have invested billions of dollars in blood sweat and tears to deliver an exceptionally secure system and you people just take it for granted. What would you do if Microsoft were driven out of business because you thought you could steal from them and use Lumix and frebsd? You people disgust me with your Lunix and Crabble puke. Do you think you're special? Guess what... You're not! You can't think you can honestly get away with continually stealing the fruits of the billions of dollars Microsoft Research has invested in producing the intellectual property that you dorks so cavalierly pilfer to inject into your Gnom and KED and Quark shit. You all disgust me. You people need to look into the mirror and reevaluate your lives.

  10. Re:Not new... by paiute · · Score: 3, Funny

    How could you even think of browsing the internet without Internet Explorer 8 on Microsoft Windows 7?

    2/10: for using it's and your correctly.

    --
    If Slashdot were chemistry it would look like this: Cadaverine
  11. Just Hurting Kids and Old People by ideonexus · · Score: 4, Interesting

    What offends me most about these malware tactics is that I'm savvy enough to recognize the spoof, but the low income kids and old people in my neighborhood aren't. I know not to click on anything that pops up in my browser when I'm surfing, but every week I get people on my porch needing help cleaning out their infected systems, which I do and they get infected again within a week. How can these malware authors take pride in preventing little kids and old people access to the Internet or their software? Where's the sport? What pathetic losers.

    --
    i ~ Celebrating Science, Cyberspace, Speculation
  12. Re:Security Fix Schedule by gaspyy · · Score: 4, Insightful

    That'd be the day - when a browser developer can issue a patch for human stupidity.