Security Bytes

Oct 20 2010   2:03PM GMT

Rogue antivirus spoofs Firefox, Google attack warning pages

Robert Westervelt


Spoofed warning page includes a download link attempting to trick users with a phony browser update.

Security researchers at F-Secure and Websense have discovered cybercriminals pitching rogue antivirus software through spoofed versions of the attack warning pages that Firefox and Google Chrome display to block users from visiting malicious websites.

The phony attack page includes a download link that purports to be a browser update, but instead downloads rogue antivirus software, according to F-Secure.

According to F-Secure:

If your scripts are enabled, you don’t even need to click on the “Download Updates!” button. It will just offer the rogue AV to you.

It then refuses to let the user cancel the download.

In addition, Websense researchers found an iFrame that installs the Phoenix exploit kit from a different domain. Phoenix is used by cybercriminals pimping rogue AV to harvest data on infected machines and dupe the end user into buying the antivirus software. The kit consists of nine exploits for browser vulnerabilities, Java flaws, Flash errors and Adobe Reader bugs.
