
Scam site fakes Firefox and Chrome attack page warning

I had only recently sent out an email to a few close people educating them about the dangers of rogue anti-virus. Moments ago, I almost became a victim of the same danger I was warning them about.

Scam sites exploit common computer usage habits to bypass security measures and install viruses, trojans and spyware. The attack on my computer is yet another example of this.

While attempting to visit a site which I had never visited before, I was presented with the following message:

Looks like the authentic Firefox warning about a scam site? Well, it's not. I knew something was wrong because of the following:

The authentic Firefox warning is like this (notice the differences):
  • The original one has two buttons and an Ignore link, while the scam version just has one button.
  • The policeman logo is not positioned properly.
  • The scam version does not have the website address in its warning page (Example: This web page at has been reported...).
  • Clicking the X button on all the dialogs gets you into an endless loop of dialogs. The Cancel button is similar to the X button and gets you into the same loop. Thus you are lured to click the OK button because it seems to be the only way out of this loop.
  • Look at the scam site address: It is One of the popular ways scam sites spread spyware, viruses and trojans is by faking antivirus software.
  • The scam version prompts you to download secure updates for Firefox. But why would you need to download and install updates upon discovering a scam site?
  • Upon searching about this warning message, I found this webpage, which mentions that a similar attack exists for Google Chrome, faking Chrome's scam site warning.

The scam site bets on common habits of computer use. Many novice computer users are conditioned to do the following at prompts without reading or thinking about the prompt:
  • When two buttons OK and Cancel are presented, click Cancel.
  • When one button OK is presented, click OK.
  • When two buttons Yes and No are presented, click No.

Many others simply click the X button in the top right corner of any dialog. While this may be safe most of the time, even this action can be programmed to do something malicious on your computer.
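
The tell-tale signs listed above can be turned into a rough triage check for a saved copy of a suspicious warning page. This is an added example, not code from the original post: the function name, finding labels and both HTML samples are constructed, and the scripted-dialog check assumes the dialog loop is produced by script dialog calls.

```javascript
// Added example: triage a saved warning page against the signs listed above.
// Function name, finding labels and both HTML samples are constructed.
function auditWarningPage(html, requestedUrl) {
  const findings = [];
  // Visible text only: drop scripts, then tags, then collapse whitespace.
  const text = html
    .replace(/<script[\s\S]*?<\/script>/gi, " ")
    .replace(/<[^>]+>/g, " ")
    .replace(/\s+/g, " ")
    .toLowerCase();

  // Sign: the authentic warning has two buttons and an Ignore link.
  const buttons = (html.match(/<button\b|<input\b[^>]*type=["']?(?:button|submit)/gi) || []).length;
  const hasIgnoreLink = /<a\b[^>]*>[^<]*ignore[^<]*<\/a>/i.test(html);
  if (buttons < 2 || !hasIgnoreLink) findings.push("missing-controls");

  // Sign: the authentic warning names the address that was reported.
  const host = new URL(requestedUrl).hostname.toLowerCase();
  if (!text.includes(host)) findings.push("no-reported-address");

  // Sign: a block page has no reason to offer updates to download.
  if (/\b(download|install)\b[^.]{0,60}\bupdates?\b/.test(text)) findings.push("offers-download");

  // Assumption: the endless dialog loop is driven by script dialog calls.
  if (/\b(alert|confirm|prompt)\s*\(/.test(html)) findings.push("scripted-dialogs");

  return findings;
}

// Constructed sample shaped like the scam page described in the post.
const FAKE_PAGE = `
<h1>Reported Attack Page!</h1>
<p>This web page has been reported as an attack page and has been blocked.</p>
<button>Download secure updates</button>
<script>alert("Your computer is at risk");</script>`;

// Constructed sample with the controls and address the authentic page shows.
const AUTHENTIC_STYLE_PAGE = `
<h1>Reported Attack Page!</h1>
<p>This web page at example.test has been reported as an attack page.</p>
<button>Leave this page</button> <button>More information</button>
<a href="#">Ignore this warning</a>`;

console.log(auditWarningPage(FAKE_PAGE, "http://example.test/"));
console.log(auditWarningPage(AUTHENTIC_STYLE_PAGE, "http://example.test/"));
```

An empty result only means none of these signs were present in the saved page; it does not prove the page is an authentic browser warning.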

When you suspect that you may be under attack by a scam site, the safest way out is to open Task Manager and find firefox.exe in the Processes tab, right-click it and select "End Process Tree." Once firefox.exe is no longer on the process list, run Firefox again, and you will be presented with a list of tabs and windows that were open. Find the tab that was the scam site, uncheck it, then click Restore to get your other tabs and windows back.

As for Google Chrome, it is easier because Chrome includes a checkbox from the second dialog box onwards (if you clicked the X button on the first dialog): "Prevent this page from creating additional dialogs." Just enable this checkbox and click the X button and the site will stop showing dialogs. Then you can easily close the scam site's tab. (I really wish Firefox had this feature!)

Here are the contents of the original email that I had mentioned earlier:

I have found a blog with an excellent collection of rogue and fake antivirus software. These programs pretend to scan your computer for viruses and provide antivirus protection. But in reality, these programs are viruses themselves, and they also help install more viruses.

Also, these programs are credit card thieves. They display fake results, tell you that your computer is infected, and that you must remove the viruses immediately. When you tell the software that you wish to remove the viruses, it redirects you to a website where you will be asked to purchase a full version of the fake antivirus software (this is where your credit card information may get stolen). This is a tell-tale sign of a fake. (Real free anti-virus programs remove virus threats for free immediately upon finding them).

Here's the blog. Have a look at the number of rogue antivirus programs they have listed here with screenshots: SUPERAntiSpyware Blog (

Familiarize yourself with the kind of names these rogue antivirus programs have, and what they look like. Protect yourself from installing rogue antivirus by informing yourself about them. (Don't forget to check out the past entries on the blog!)

My preferred real free antivirus is AVG. You can also look for Avast! free anti-virus. Those who would like to take the paid route can look for Kaspersky, McAfee or Norton.

