Fake Firefox warnings lead to scareware

Filed Under: Featured, Firefox, Malware

Nuclear Firefox logoPurveyors of fake security software don't let much grass grow under their feet and continually make improvements to their social engineering lures.

While most of the talk for the past month has been their move to Mac with fake Finder pop-ups that appear to scan your computer, they haven't stopped innovating on Windows either.

Their latest scam? They detect your user-agent string from your web browser and display a fake Firefox security alert if you are using the Mozilla Firefox web browser.

Fake Firefox security alert

Internet Explorer users get the standard "My Computer" dialog that appears to do a system scan inside their browser window.

Taking advantage of detailed information about the person's computer and software allows for a much more specific, believable social engineering attempt.

We are likely to continue to see these criminals targeting each operating system, browser and any other details that can be gleaned from HTTP requests sent from our devices.

If you click the "Start Protection" button you will download the latest, greatest fake anti-virus program which will perform exactly the way you would expect a fake anti-virus program to.

It will faithfully detect fake viruses on your computer until you register it for $80 or more.

If you are a Firefox user and see a warning about viruses on your computer, you will know it is fake. Firefox does not include a virus scanner inside of it and it will only warn you about visiting malicious pages.

If you get a warning about a dangerous website from Firefox you can always play it safe... Close the browser.

Nuclear Firefox image credit: iPholio on DeviantArt

, , ,

You might like

10 Responses to Fake Firefox warnings lead to scareware

  1. Brian Lavoie · 1554 days ago

    This could be one of the smartest scams I've ever seen.

  2. worldwright · 1554 days ago

    I had one of these whilst using Google Chrome engined Rockmelt - I wasn't sure whether there was a new dangerous software check built into the new Chrome 12 or not - I killed the whole session rather than click on anything that might trigger something happening - it was the same as above but with Chrome Security Alert as a heading - It came via Google Images and an image URL which, when clicked on gave me an almost exact copy of the above screen

  3. sallyw · 1554 days ago

    i've had this - just killed it!

  4. Jan · 1554 days ago

    Perhaps a visit to the grammar police would make this "warning" more believable. *smacks forehead*

  5. Tyw7 · 1554 days ago

    How about other browsers? What would the page show if visiting from mobile browser?

  6. Aaron · 1554 days ago

    I've been getting this on my Chrome as well.

  7. If people simply avoided any alert boxes with poor grammar, they would be safe from seemly 90% of attacks.

  8. thedarkcrow2009 · 1554 days ago


  9. Tom · 1541 days ago

    Had one pop up using my Ubuntu Linux machine. I thought it hilariuos that I had virus residing in C:WindowsSystem32. I saved the html page and now I use it for teaching my coworkers about web safety.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.