Fake Browser Security Warnings scamming Users Into Downloading 'Scareware'

Parveen Vashishtha, Security Researcher at Symantec stated that the cybercriminals were spoofing anti-malware security alert warnings displayed in famous Internet browsers to trick innocent users into downloading bogus security software, as reported by eweek on 6th Oct. 2010.

The security firm states that web browsers such as Firefox and Chrome, along with Google's web search engine, utilizes the Google Safe Browsing API to find out whether opened websites are malicious. While coming across a malicious source, web browsers such as Firefox and Chrome shows their own tailored security alerts, providing users with the alternative to close the web page or overlook the warning and continue.

As per the security researchers at Symantec, cybercriminals have counterfeit versions for each of the browser security alert pages. Furthermore, they even have a fake version of Internet Explorer, though Microsoft's browser doesn't utilize the Google safe Browsing API (Application Program Interface).

According to Parveen Vashishtha these warnings included an important "Get Updates!!" button that proffers to download a browser security update.

If the users click on this button, then the software scareware is saved on the users' systems. The software is given the name scareware as it scares web users with bogus warnings into purchasing and installing a worthless browser security update to their systems. This "Get Updates!!" button, in reality, substitutes the "Get me out of here!" tab that Google generally displays on genuine security alert web pages.

As per the security experts, there is actually no such browser that provides its users security updates from its own anti-malware warning display screen.

Once the users have accepted the scareware attacks the users' system with numerous fake alerts until the victims pay $40 to $50 to purchase the worthless program.

The security firm also stated that in case if the users comprehends the risk and hits cancel, they are again directed to a drive-by download web page that utilizes the Phoenix exploit toolkit, which comprises JavaScript codes that targets identified flaws in Windows, Internet Explorer, and Java to secretively install the 'scareware' on their systems.

Commenting on the issue, Chris Larsen, Security Researcher at Blue Coat Systems said that users should frequently download and patch their computers and software with the most recent security updates only from a genuine software vendors' official website, as reported by eweek on 4th Oct 2010.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 10/13/2010