Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Previous Next

Web Threats

June 11, 2011
2

Have a look at this Microsoft Update notification, captured in a screenshot. Can you spot what's wrong with it?

microsoft-update-big.jpg (890×545).png

 

It took me a moment to spot it, and I already knew that this was a fake. Hint : look at the browser.

 

That's right : this window came up in a Firefox browser session. And Microsoft Update always uses Internet Explorer.

 

If this happens to you, DO NOT CLICK on anything. Kill the tab, or the browser session. If you click on it what you get is a download of a fake antivirus program, which could be alarming if you were already expecting the Malicious Software Removal Tool to download and run.

Notably, this scareware represents a breed of malware that detects the user agent strings in Web browsers, then adapts itself accordingly to better target its victims. Sophos reported recently about a similar scareware app that determines whether a user is running Firefox or Internet Explorer. Users running Firefox get a fake Firefox security alert, warning of various viruses. Internet Explorer users, by contrast, get a My Computer dialog that feigns a system scan inside the browser window.

 

Whoever released this into the wild made one small mistake in checking for the user agent string, which has given the game away.

 

The golden rule is, as always : if you weren't expecting it, don't click on it. It's always safer to go the official website to get any updates or downloads.

 

Thanks to Sophos, InfoWorld and WinCert for picking up on this. The scareware authors are getting more professional, so we can expect more like this but even better.