Fake antivirus software wears convincing Microsoft Update mask

Targeting Firefox users, new scareware exploits browser user agent strings and authentic-looking design to fool victims

Windows users running Firefox are being targeted by scareware groomed to look convincingly like Microsoft Update, according to a security adviser at Sophos. The news once again demonstrates that cyber criminals are becoming increasingly skilled at crafting malware to dupe even the moderately tech-savvy user, exploiting information in users' Web browser user agent strings and appropriating reputable companies' product names, logos, and designs.

This particular scareware aims to trick Windows users running Mozilla Firefox into installing a fake antivirus package. It starts with an alert window popping up, purportedly for installing a critical update to -- fittingly -- the Windows Malicious Software Removal Tool. The window does bear a striking resemblance to a real Windows Update window.

If the user agrees to install the 2.8MB "security update," he or she really ends up installing scareware: fake antivirus software that tells the user that his or her system is plagued with viruses and urges the user to purchase a full version of the "antivirus software" to commence the system-cleansing process.

This scareware does have one notable tell that might tip off users that it's fake: It prompts them to perform a Windows Update while running Firefox. Authentic Windows Updates only launch through Internet Explorer.

Notably, this scareware represents a breed of malware that detects the user agent strings in Web browsers, then adapts itself accordingly to better target its victims. Sophos reported recently about a similar scareware app that determines whether a user is running Firefox or Internet Explorer. Users running Firefox get a fake Firefox security alert, warning of various viruses. Internet Explorer users, by contrast, get a My Computer dialog that feigns a system scan inside the browser window.
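For defenders, content that changes with the User-Agent header can be spotted by fetching the same URL under several browser identities and comparing what comes back. The sketch below is an added example, not code from the article or from Sophos; the captured bodies are constructed samples, and the function names and the 0.5 similarity threshold are assumptions.

```python
import re
from itertools import combinations

# Constructed sample bodies for one URL fetched with three User-Agent headers.
# They are illustrative only and are not captures from the real campaign.
CAPTURES = {
    "firefox": "<html><body><h1>Microsoft Update</h1><p>Critical update for the "
               "Windows Malicious Software Removal Tool. Install now.</p></body></html>",
    "msie": "<html><body><h1>My Computer</h1><p>Scanning drive C: "
            "threats found. Remove all.</p></body></html>",
    "curl": "<html><body><p>Welcome to our site.</p></body></html>",
}

# Lure wording that should never be pushed at a given browser family.
# The Firefox entry encodes the tell described in the article.
MISMATCHED_LURES = {"firefox": ("microsoft update", "windows update")}


def visible_text(html):
    """Crude tag stripper; adequate for comparing captured bodies."""
    text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", html)
    text = re.sub(r"(?s)<[^>]+>", " ", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def jaccard(a, b):
    """Word-set similarity in [0, 1]; 1.0 means the same vocabulary."""
    sa, sb = set(re.findall(r"[a-z0-9]+", a)), set(re.findall(r"[a-z0-9]+", b))
    return len(sa & sb) / len(sa | sb) if sa | sb else 1.0


def analyse(captures, threshold=0.5):
    """Report UA pairs served different content, and lures aimed at the wrong browser."""
    texts = {ua: visible_text(body) for ua, body in captures.items()}
    scores = [(a, b, jaccard(texts[a], texts[b]))
              for a, b in combinations(sorted(texts), 2)]
    lures = [(ua, phrase) for ua, phrases in MISMATCHED_LURES.items()
             for phrase in phrases if phrase in texts.get(ua, "")]
    return {"divergent_pairs": [s for s in scores if s[2] < threshold],
            "mismatched_lures": lures}


if __name__ == "__main__":
    report = analyse(CAPTURES)
    for a, b, score in report["divergent_pairs"]:
        print(f"{a} vs {b}: similarity {score:.2f}")
    for ua, phrase in report["mismatched_lures"]:
        print(f"{ua} capture contains lure text: {phrase!r}")
```

Legitimate sites also vary markup by browser, so a divergent pair is a reason to inspect the captures, not a verdict on its own.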

This story, "Fake antivirus software wears convincing Microsoft Update mask," was originally published at InfoWorld.com.

Copyright © 2011 IDG Communications, Inc.
