Purveyors of fake security software don’t let much grass grow under their feet and continually make improvements to their social engineering lures.
While most of the talk for the past month has been their move to Mac with fake Finder pop-ups that appear to scan your computer, they haven’t stopped innovating on Windows either.
Their latest scam? They detect your user-agent string from your web browser and display a fake Firefox security alert if you are using the Mozilla Firefox web browser.
Internet Explorer users get the standard “My Computer” dialog that appears to do a system scan inside their browser window.
Taking advantage of detailed information about the person’s computer and software allows for a much more specific, believable social engineering attempt.
We are likely to continue to see these criminals targeting each operating system, browser and any other details that can be gleaned from HTTP requests sent from our devices.
If you click the “Start Protection” button you will download the latest, greatest fake anti-virus program which will perform exactly the way you would expect a fake anti-virus program to.
It will faithfully detect fake viruses on your computer until you register it for $80 or more.
If you are a Firefox user and see a warning about viruses on your computer, you will know it is fake. Firefox does not include a virus scanner inside of it and it will only warn you about visiting malicious pages.
If you get a warning about a dangerous website from Firefox you can always play it safe… Close the browser.
Nuclear Firefox image credit: iPholio on DeviantArt
This could be one of the smartest scams I’ve ever seen.
I had one of these whilst using Google Chrome-engined Rockmelt – I wasn’t sure whether there was a new dangerous software check built into the new Chrome 12 or not – I killed the whole session rather than click on anything that might trigger something happening – it was the same as above but with Chrome Security Alert as a heading – It came via Google Images and an image URL which, when clicked on, gave me an almost exact copy of the above screen.
I’ve had this – just killed it!
Perhaps a visit to the grammar police would make this “warning” more believable. *smacks forehead*
How about other browsers? What would the page show if visiting from mobile browser?
I’ve been getting this on my Chrome as well.
If people simply avoided any alert boxes with poor grammar, they would be safe from seemingly 90% of attacks.
STOP DOWNLOADING FAKE AVS USE YOUR HEADS SHEESH……
Most Fake AV download automatically, sheesh!
Had one pop up using my Ubuntu Linux machine. I thought it hilarious that I had a virus residing in C:\Windows\System32. I saved the html page and now I use it for teaching my coworkers about web safety.
What exactly does the fake update do to your computer? The only thing I saw here is that it results in more scareware. Is there anything else??