Sunday, October 24, 2010

Scam site fakes Firefox and Chrome attack page warning

I had only recently sent out an email to a few close people educating them about the dangers of rogue anti-virus. Moments ago, I almost became a victim to the same danger I was warning them about.

Scam sites exploit common computer usage habits to bypass security measures and install viruses, trojans and spyware. The attack on my computer is yet another example of this.

While attempting to visit a site which I had never visited before, I was presented with the following message:


Looks like the authentic Firefox warning about a scam site? Well, it's not. I knew something was wrong because of the following:


The authentic Firefox warning is like this (notice the differences):
  • The original one has two buttons and an Ignore link, while the scam version just has one button.
  • The police-man logo is not positioned properly.
  • The scam version does not have the website address in its warning page (Example: This web page at www.mozilla.com has been reported...).
  • Clicking the X button on all the dialogs gets you into an endless loop of dialogs. The Cancel button is similar to the X button and gets you into the same loop. Thus you are lured to click the OK button because it seems to be the only way out of this loop.
  • Look at the scam site address: It is antivirus-downloads.is.com. One of the popular ways scam sites spread spyware, viruses and trojans is by faking antivirus software.
  • The scam version prompts you to download secure updates for Firefox. But why would you need to download and install updates upon discovering a scam site?
  • Upon searching about this warning message, I found this webpage, which mentions that a similar attack exists for Google Chrome, faking Chrome's scam site warning.

The scam site bets on the general human behavior of computer usage. Many novice computer users are conditioned to do the following at prompts without reading or thinking about the prompt:
  • When two buttons OK and Cancel are presented, click Cancel.
  • When one button OK is presented, click OK.
  • When two buttons Yes and No are presented, click No.

Many others simply click the X button in the top right corner of any dialog. While this may be safe most of the time, even this action can be programmed to do something malicious on your computer.

When you suspect that you may be under attack by a scam site, the safest way out is to open Task Manager, find firefox.exe in the Processes tab, right-click it and select "End Process Tree." Once firefox.exe is no longer on the process list, run Firefox again, and you will be presented with a list of tabs and windows that were open. Find the tab that was the scam site, uncheck it, then click Restore to get your other tabs and windows back.

As for Google Chrome, it is easier because Chrome includes a checkbox from the second dialog box onwards (if you clicked the X button on the first dialog): "Prevent this page from creating additional dialogs." Just enable this checkbox and click the X button, and the site will stop showing dialogs. Then you can easily close the scam site's tab. (I really wish Firefox had this feature!)

Here are the contents of the original email that I mentioned earlier:

I have found a blog with an excellent collection of rogue and fake antivirus software. These softwares pretend to scan your computer for viruses and provide antivirus protection. But in reality, these softwares are viruses themselves, and they also help install more viruses.

Also, these softwares are credit card thieves. They display fake results, tell you that your computer is infected, and that you must remove the viruses immediately. When you tell the software that you wish to remove the viruses, it redirects you to a website where you will be asked to purchase a full version of the fake antivirus software (this is where your credit card information may get stolen). This is a tell-tale sign of a fake. (Real free anti-virus softwares remove virus threats for free immediately upon finding them).

Here's the blog. Have a look at the number of rogue antivirus softwares they have listed here with screenshots: SUPERAntiSpyware Blog (http://www.superantispyware.com/blog/)

Familiarize yourself with the kind of names these rogue antivirus softwares have, and what they look like. Protect yourself from installing rogue antivirus by informing yourself about them. (Don't forget to check out the past entries on the blog!)

My preferred real free antivirus is AVG. You can also look for Avast! free anti-virus. Those who would like to take the paid route can look for Kaspersky, McAfee or Norton.
