Firefox security alert turns out to be scareware trap

Malware sites issue warnings about malware sites

Bochum (Germany), 22. September 2009
G Data warns users about fake Firefox security alerts. The fraud is carried out using a Trojan that redirects any URL entered to websites the attackers have prepared. Potential victims are then lured into installing 'up-to-date antivirus software'. Rather than offering protection against real threats, the online criminals misuse the browser's security function to distribute fake antivirus software, known as scareware. G Data Security Labs experts are currently warning people not to visit the websites stopmalwaredomains.com, defenderpageblock.com, adwaredomainlist.com and browserliveprotection.com.

"We are seeing a definite increase in fake antivirus programs. Scareware has recently become one of the most profitable sources of income in the digital underground. This latest ploy is particularly devious as it imitates Firefox security alerts. The best that can happen is that victims purchase worthless antivirus software. But of course, we must assume that the culprits will use the Trojan to propagate infections and sell on any credit card data they garner," says Ralf Benzmüller, Head of G Data Security Labs, in summary. 

Screenshot 1: Fake Firefox alert

Screenshot 2: Genuine Firefox alert

What it does and how
Online criminals use a Trojan installed in advance to manipulate all addresses entered into the browser so that users are always redirected to domains with fake security alerts. Potential victims are then shown a warning message modelled on the security alert built into the popular Firefox web browser. This tells the user that the website he is trying to reach contains potential malware and advises installing security software.

Anyone who is taken in by the fake alert and clicks on the "Get security software" button in the message is forwarded to a website where "Personal Antivirus" scareware is offered for sale. This is fake antivirus software, merely intended to trick the user into believing that there is an infection on his computer.

Users of G Data security solutions are protected against the latest attacks from stopmalwaredomains.com and the other domains named in this alert by the integrated HTTP filter, which scans and blocks malicious website content before it can reach the browser. Latest generation G Data security products identify the malicious websites as "Trojan.FakeAlert.BFW".

Screenshot 3: Scareware for sale

Keeping virus protection and operating systems up to date
Besides installing effective virus protection, G Data advises all PC users to keep their operating system and installed application software up to date at all times. Unpatched security holes provide perfect gateways for malware. In addition to regular operating system updates, installed application software should therefore be checked to confirm it is current and updated where necessary.

Contact

G Data Software AG
Königsallee 178b
D-44799 Bochum

E-Mail: presse@gdata.de