
Scam site fakes Firefox and Chrome attack page warning

I had only recently sent out an email to a few close people educating them about the dangers of rogue anti-virus. Moments ago, I almost became a victim of the same danger I was warning them about.

Scam sites try to use common computer usage habits to bypass security and install viruses, trojans and spyware. The attack on my computer is yet another example of this.

While attempting to visit a site which I had never visited before, I was presented with the following message:


Looks like the authentic Firefox warning about a scam site? Well, it's not. I knew something was wrong because of the following:


The authentic Firefox warning is like this (notice the differences):
  • The original one has two buttons and an Ignore link, while the scam version just has one button.
  • The policeman logo is not positioned properly.
  • The scam version does not show the website address in its warning page (Example: This web page at www.mozilla.com has been reported...).
  • Clicking the X button on all the dialogs gets you into an endless loop of dialogs. The Cancel button is similar to the X button and gets you into the same loop. Thus you are lured to click the OK button because it seems to be the only way out of this loop.
  • Look at the scam site address: It is antivirus-downloads.is.com. One of the popular ways scam sites spread spyware, viruses and trojans is by faking antivirus software.
  • The scam version prompts you to download secure updates for Firefox. But why would you need to download and install updates upon discovering a scam site?
  • Upon searching for this warning message, I found this webpage, which mentions that a similar attack exists for Google Chrome, faking Chrome's scam site warning.

The scam site bets on common habits of computer users. Many novice computer users are conditioned to do the following at prompts without reading or thinking about the prompt:
  • When two buttons OK and Cancel are presented, click Cancel.
  • When one button OK is presented, click OK.
  • When two buttons Yes and No are presented, click No.

Many others simply click the X button in the top right corner of any dialog. While this may be safe most of the time, even this action can be programmed to do something malicious on your computer.

When you suspect that you may be under attack by a scam site, the safest way out is to open Task Manager, find firefox.exe in the Processes tab, right-click it and select "End Process Tree." Once firefox.exe is no longer on the process list, run Firefox again, and you will be presented with a list of tabs and windows that were open. Find the tab that was the scam site, uncheck it, then click Restore to get your other tabs and windows back.

As for Google Chrome, it is easier because Chrome includes a checkbox from the second dialog box onwards (if you clicked the X button on the first dialog): "Prevent this page from creating additional dialogs." Just enable this checkbox and click the X button and the site will stop showing dialogs. Then you can easily close the scam site's tab. (I really wish Firefox had this feature!)

Here are the contents of the original email that I had mentioned earlier:

I have found a blog with an excellent collection of rogue and fake antivirus software. These programs pretend to scan your computer for viruses and provide antivirus protection. But in reality, these programs are viruses themselves, and they also help install more viruses.

Also, these programs are credit card thieves. They display fake results, tell you that your computer is infected, and that you must remove the viruses immediately. When you tell the software that you wish to remove the viruses, it redirects you to a website where you will be asked to purchase a full version of the fake antivirus software (this is where your credit card information may get stolen). This is a tell-tale sign of a fake. (Real free anti-virus software removes virus threats for free immediately upon finding them.)

Here's the blog. Have a look at the number of rogue antivirus programs they have listed here with screenshots: SUPERAntiSpyware Blog (http://www.superantispyware.com/blog/)

Familiarize yourself with the kind of names these rogue antivirus programs have, and what they look like. Protect yourself from installing rogue antivirus by informing yourself about them. (Don't forget to check out the past entries on the blog!)

My preferred real free antivirus is AVG. You can also look for Avast! free anti-virus. Those who would like to take the paid route can look for Kaspersky, McAfee or Norton.
