Malware Identifies Web-Browser, Displays Bogus Security Alert Page

Software giant Microsoft has cautioned that a new malicious program is circulating that automatically determines the browser an end-user runs and subsequently copies the associated web-pages alerting of malware from Chrome, Internet Explorer, or Firefox.

The phony web-pages giving alerts quite resemble those of the individual browsers that are real, when the browsers encounter a dubious site. Importantly, the web-pages even advise users to download certain anti-virus software that turns out phony.

State the security researchers that although the malicious program tries very well to accomplish this task, the process lacks perfection. With an objective to trick an end-user into pulling down and executing something harmful, the malware helps to extort money during the process that's a very unlikely recommendation from Chrome, Firefox and IE.

The phony anti-viruses recommended are Rogue:MSIL/Zeven or Win7 AV that mimic several authentic security mitigations, the Windows' graphic components, and the Microsoft Security Essentials online site.

Moreover, aside displaying the phony alert web-pages, the malicious program appears same as the actual transaction. First it lets end-users to scrutinize folders and files, after which it informs them if they need to update, while facilitating the alteration of the privacy and security settings. However, when the folders are scanned, it invariably results in the detection of malware that can only be removed provided the user buys the complete edition of a certain update.

Users, who are sure that they would purchase the product, find an HTML dialog popping up, which claims to permit them permission for purchase whilst remaining safeguarded with a "powerful encryption" and "Safe Browsing Mode."

Revealed anti-virus Researcher Daniel Radu at Dublin-located Microsoft malware Protection Center, to begin, the attacker automatically determines the web-browser the end-user utilizes after, which he impersonates the page for malware alert from either Firefox or Chrome or IE. Softpedia published this on September 2, 2010.

According to Radu, the scheme applied is a tactic of social engineering that by exploiting users' faith in reputed web-browsers cheats them into accepting the rogue. Moreover, the impersonated alert pages are so perfectly created that they manage to deceive even highly experienced users, he adds.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 9/8/2010