
Scam site fakes Firefox and Chrome attack page warning

I had only recently sent out an email to a few close people educating them about the dangers of rogue anti-virus. Moments ago, I almost became a victim of the same danger I was warning them about.

Scam sites exploit common computer-usage habits to bypass security measures and install viruses, trojans and spyware. The attack on my computer is yet another example of this.

While attempting to visit a site which I had never visited before, I was presented with the following message:


Looks like the authentic Firefox warning about a scam site? Well, it's not. I knew something was wrong because of the following:


The authentic Firefox warning is like this (notice the differences):
  • The original one has two buttons and an Ignore link, while the scam version just has one button.
  • The police-man logo is not positioned properly.
  • The scam version does not show the website address in its warning page (Example: This web page at www.mozilla.com has been reported...).
  • Clicking the X button on all the dialogs gets you into an endless loop of dialogs. The Cancel button is similar to the X button and gets you into the same loop. Thus you are lured to click the OK button because it seems to be the only way out of this loop.
  • Look at the scam site address: It is antivirus-downloads.is.com. One of the popular ways scam sites spread spyware, viruses and trojans is by faking antivirus software.
  • The scam version prompts you to download secure updates for Firefox. But why would you need to download and install updates upon discovering a scam site?
  • Upon searching about this warning message, I found this webpage, which mentions that a similar attack exists for Google Chrome, faking Chrome's scam site warning.
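
The three signs above that can be read off the page itself (too few controls, no site address, a download prompt) can be written down as a small checker. This is an added example, not code from the original post; the two HTML samples and the function name `fake_warning_signs` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed samples modelled on the post's description; not captured pages.
FAKE = ("<h1>Reported Attack Page!</h1><p>This web page has been reported as "
        "an attack page. Download secure updates for Firefox.</p>"
        "<button>OK</button>")
GENUINE = ("<h1>Reported Attack Page!</h1><p>This web page at www.mozilla.com "
           "has been reported as an attack page.</p><button>Leave</button>"
           "<button>Why was this blocked?</button><a href='#'>Ignore</a>")


class WarningScan(HTMLParser):
    """Counts controls and collects visible text of a warning-style page."""

    def __init__(self):
        super().__init__()
        self.buttons, self.links, self.text = 0, 0, []

    def handle_starttag(self, tag, attrs):
        kind = (dict(attrs).get("type") or "").lower()
        if tag == "button" or (tag == "input" and kind in ("button", "submit")):
            self.buttons += 1
        elif tag == "a":
            self.links += 1

    def handle_data(self, data):
        self.text.append(data)


def fake_warning_signs(html, host):
    """Return which of the post's tell-tale signs a warning page shows."""
    scan = WarningScan()
    scan.feed(html)
    scan.close()
    text = " ".join(" ".join(scan.text).split()).lower()
    signs = []
    if scan.buttons < 2 or scan.links == 0:
        signs.append("controls: not two buttons plus an Ignore link")
    if host.lower() not in text:
        signs.append("address: warning never names the reported site")
    if any(word in text for word in ("download", "install", "update")):
        signs.append("lure: warning pushes a download or update")
    return signs


if __name__ == "__main__":
    print(fake_warning_signs(FAKE, "antivirus-downloads.is.com"))
    print(fake_warning_signs(GENUINE, "www.mozilla.com"))
```

The genuine Firefox warning is drawn by the browser itself rather than delivered as site HTML, so this models the visual checklist only.
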
The scam site bets on habitual user behavior. Many novice computer users are conditioned to do the following at prompts without reading or thinking about the prompt:
  • When two buttons OK and Cancel are presented, click Cancel.
  • When one button OK is presented, click OK.
  • When two buttons Yes and No are presented, click No.
Many others simply click the X button in the top-right corner of any dialog. While this may be safe most of the time, even this action can be programmed to do something malicious on your computer.

When you suspect that you may be under attack by a scam site, the safest way out is to open Task Manager, find firefox.exe in the Processes tab, right-click it and select "End Process Tree." Once firefox.exe is no longer on the process list, run Firefox again, and you will be presented with a list of tabs and windows that were open. Find the tab that was the scam site, uncheck it, then click Restore to get your other tabs and windows back.

As for Google Chrome, it is easier because Chrome includes a checkbox from the second dialog box onwards (if you clicked the X button on the first dialog): "Prevent this page from creating additional dialogs." Just enable this checkbox and click the X button, and the site will stop showing dialogs. Then you can easily close the scam site's tab. (I really wish Firefox had this feature!)

Here are the contents of the original email that I mentioned earlier:
I have found a blog with an excellent collection of rogue and fake antivirus software. These programs pretend to scan your computer for viruses and provide antivirus protection. But in reality, these programs are viruses themselves, and they also help install more viruses.

Also, these programs are credit card thieves. They display fake results, tell you that your computer is infected, and that you must remove the viruses immediately. When you tell the software that you wish to remove the viruses, it redirects you to a website where you will be asked to purchase a full version of the fake antivirus software (this is where your credit card information may get stolen). This is a tell-tale sign of a fake. (Real free anti-virus software removes virus threats for free immediately upon finding them.)

Here's the blog. Have a look at the number of rogue antivirus programs they have listed here with screenshots: SUPERAntiSpyware Blog (http://www.superantispyware.com/blog/)

Familiarize yourself with the kind of names these rogue antivirus programs have, and what they look like. Protect yourself from installing rogue antivirus by informing yourself about them. (Don't forget to check out the past entries on the blog!)

My preferred real free antivirus is AVG. You can also look for Avast! free anti-virus. Those who would like to take the paid route can look for Kaspersky, McAfee or Norton.
