07 Sep 2010

Fake browser alerts link to bogus antivirus program

Microsoft recently warned of new “scareware” that uses a social engineering scheme to draw users into buying a fake antivirus program.

The scareware, dubbed Zeven, identifies what web browser a user is currently using, such as Internet Explorer or Firefox, then sends a mimicked version of the browser’s malware warning page which links to a fake antivirus software called Win7 AV.

When installed, the product appears to scan files, then prompts users to update their security by paying for the full version.

Microsoft points out the look the fake warning pages and the Win7 AV appears genuine and likely to trick even trained professionals. But there are some giveaways, such as a misspellings and the fact that the real browsers’ warning alerts do not attempt to sell antivirus software.

Downloading scareware products can often result in viruses, Trojans or keyloggers being installed on the user’s computer. According to an FBI report, scareware tactics have caused a loss in excess of $150 million to victims.