New Scareware Imitates Browsers: Tricky, Malicious

Dennis Faas's picture

The latest bout of scareware making its way through the Internet uses legitimate-looking browser warning pages and offers up a dose of fake antivirus. Those responsible for its creation have matched the webpage layout offered by the world's most popular browsers, including Internet Explorer, Firefox, and others -- right down to the design and layout.

All Web Browsers Susceptible to Attack

The scareware, dubbed Rogue:MSIL/Zeven by antivirus firms, is able to identify the Internet browser you're using, and then displays a fake warning page that states the site you're browsing may be infected with a virus.

The fake web page warning then offers a "solution" to fix the problem, providing a direct download to fake antivirus software (another dupe). If users continue, the antivirus program reports "severe" issues with the computer and then offers to "fix" the problems for a fee.

All web browsers are susceptible to the attack. Click the below images for larger examples:

Fake Warning Pages Difficult to Discern

Better known as fake antivirus, Rogue:MSIL/Zeven employs the same kind of bogus computer scans and virus checks that other scareware scams use.

While the aesthetic qualities may be different, the purpose is always the same: scare unsuspecting people into purchasing needless, useless or corrupt software to eliminate viruses that do not exist.

The main concern of security officials is, given the similar appearances of Rogue:MSIL/Zeven and legitimate pages, spotting the scareware may be a challenge. As Microsoft Malware Protection Center analyst Daniel Radu recently put it, the "similarity between the fake warning pages is so accurate that it can trick even the highly trained eye." (Source:

Minor Details Determine Legitimacy

Fortunately, there are some minor details that can determine whether or not a warning is real.

For example, with Rogue:MSIL/Zeven the attackers overlooked a misspelling in the fake Firefox warning page button "get me out of here and upgrade." Another (very obvious) giveaway is that no legitimate browser alerts offers to sell antivirus software or upgrades. (Source:

While the scareware attempts to sell people a fake copy of Microsoft Security Essentials for a nominal fee, many forget that the real copy of the antivirus software is free for download that costs nothing.

Rate this article: 
No votes yet