Scareware Campaign Using Chrome And Firefox Alerts, Warns F-Secure

F-Secure the security company cautions computer operators that a newly unleashed malware scam is cashing in on the alerts about "malicious websites" that Chrome and Firefox commonly display so that unwitting users can be deceived into taking down fake anti-virus software.

State the security investigators that distributors of malicious programs are repeatedly exploiting users' trust accorded to these browser alerts so that the latter can be infected.

Actually, when Web-users go to a page providing a so-called "SecurityTool," a familiar malicious program which poses as an anti-virus product, the attack takes place. Typically, this page resembles the actual one, but with the exception that there's a button, which says "Download Updates," indicating that users can find security patches that'll fix vulnerabilities in these browsers.

Meanwhile, anybody who surfs in Chrome or Firefox will undoubtedly find the "malicious website" alerts in white and red colors which are projected in these browsers for stopping contaminated websites.

The alert on Firefox reads "Reported Attack Page!" whereas it's "Warning: Visiting site may harm your computer!" on Chrome. Further, both these alerts provide Web-users with the "Download Updates" advice.

Notably, in a way, the malware alerts state the truth as the websites attempt at contaminating the visitor's PC. However, merely those users are infected who take down the offered safeguard willingly by clicking a button the alert web-pages display.

For, on pressing these buttons, executable files are loaded which download fake anti-virus software that frighten users into buying one license. And if effectively exploited, malware gets planted onto the infected PC of the victim.

Further, once planted, the malware infects the user's computer with the rogue AV as well as compromises his system. This rogue AV, which is popularly called scareware, repeatedly cautions of viruses followed with payment demand for getting the scareware eliminated.

Disclose the researchers that these kinds of assaults target security flaws within obsolete versions of widely used applications like Adobe Reader, Flash Player, Java, or even Chrome and Firefox themselves.

Thus it's advisable that users maintain up-to-date anti-virus programs and other applications as well as use their browsers' script-blocking mechanisms like Firefox's NoScript extension.

Related article: SecureWorks Identifies Bank and Information Stealing Trojan Coreflood

» SPAMfighter News - 10/28/2010