Fake Firefox security warning leads to scareware

09/21/2009
G DATA Blog

The Firefox browser is well known for its security features. Now a Trojan horse program is taking advantage of that by displaying fake alert messages. Clicking the wrong button leads to a website that asks the surfer to install fake anti-virus software. Be careful if you are routed to stopmalwaredomains.com, defenderpageblock.com, adwaredomainlist.com or browserliveprotection.com.

Scareware is becoming more and more popular among cyber crooks, and is a very profitable business. The current scheme is particularly furtive, because it imitates Firefox's security warnings.

 


Screenshot 1: Firefox-look-alike warning

 

 

The fraud scheme is launched by a Trojan (we detect it as Trojan.FakeAlert.BFW) that has been executed on the system (be it by the user or by a backdoor). The malware redirects all traffic to the sites that display the Firefox-look-alike warning message. The message warns that the website probably contains "malicious software". The user has to make a decision by clicking a button. If they don't want to "Continue Unprotected", they are routed to a website that offers a "Security software" named "Personal Antivirus".

 


Screenshot 2: Scareware on offer

 

 

In the best case, what you get is a useless piece of code. This one informs the user that the PC is infected with malware. Buying the software stops the nagging, but it might include downloaders for additional malware. Payment is possible by credit card only. It wouldn't come as a surprise if the data entered there were traded in the underground market and used in other fraudulent activities.