Firefox users are being targeted by new scam that tries to load a user’s PC with fake antivirus software using a passably convincing version of the Windows Update page.
Fake antivirus scams are legion, and ones using bogus update pages of one sort of another are also an established trick. The oddity of the latest incarnation of the attack, discovered by Sophos, is that it triggers only when encountering Windows users of Firefox pushed to it through a page redirect.
The first big giveaway? Windows Update can only normally be started as a background activity in Windows or through Internet Explorer.
The page itself is a copy of the Windows Update page offering an “urgent” 2.8MB download which will turn out to start a useless security scan plugging fake antivirus software. The technique is clever. Users who agree to the update without being entirely sure that it is genuine will be more easily convinced that a PC has been infected with the non-existent malware later detected by the bogus program.
"Users need to be more vigilant than ever before as bogus security alerts pop-up in their browsers," said Graham Cluley of Sophos. "Fake anti-virus attacks are big business for cybercriminals and they are investing time and effort into making them as convincing as possible."
"Malicious hackers are using smart social engineering tricks more and more often, and the risk is that users will be scared by a phoney warning into handing over money to fix problems that never existed in the first place," he said.
Attacks targetting Mozilla Firefox users seem to be a mini-fashion right now. Last week, the company reported a separate scam that throws up bogus security warnings that ape the browser’s security alerts as yet another method of pushing the same useless scareware products.
Neither are entirely convincing to an experienced user but they probably don’t need to be to satisfy a business model that delivers decent rewards simply for tricking a handful people into installing a fake antivirus system.