Rogue AV pimps finally show love for alternative browsers

For years, ads pimping malware disguised as legitimate antivirus programs have gone to great lengths to mimic the look and feel of Microsoft's Internet Explorer browser and Windows operating system. Now Mozilla Firefox, Google Chrome, and Apple Safari are getting the same treatment. A security researcher from Zscaler has …


This topic is closed for new posts.
  1. Tom Maddox Silver badge

    I await . . .

    . . . the Opera users who, failing to understand the methodology behind this approach, erroneously attribute Opera's absence from the list to be a sign of its superiority rather than its obscurity.

    1. Anonymous Coward

      Yes, but...

      You have to admit that Opera users will not face these problems. This is an advantage to using Opera therefore it is a better browser than anything out there.

    2. streaky


      It's funny because it's true, nice effort.

    3. This post has been deleted by its author

    4. Ammaross Danan


      Opera isn't targeted, likely due to obscurity, not any "safety" mechanism in the browser that prevents these kinds of things. That is, unless, Opera no longer has a "click on the link and download a file" capability? Still does? Well, you're just as vulnerable then.

      Also, I have a hard enough time finding people who would even notice if the "popup" or whatever is even associated with their browser program at all. I've seen Windows 7 users get the fake "Windows XP My Computer" scanning screen and think that it's their computer, even though it has green non-transparent bars and the other coloring-book design hints. Fail users. Having a Chrome icon isn't likely to trick them any better than simply saying "Your computer areinfected!!!" [space missing and "are" on purpose].

      It's funny, because I had mused only last week in a comment that the fake websites should do a User-Agent meta check to target appropriately. Guess someone else finally got the clue too.

  2. Tron Silver badge

    So humanity can put a man on the moon...

    ...but can't develop a workable rapid response solution that makes it impossible for criminal filth doing this sort of thing to pull money from credit cards and get away with it?


    1. Anonymous Coward

      How many times......

      Man didn't go to the moon, it was all faked on a film set in the Nevada desert!

    2. Stevie


      I love it when someone says "We can put a man on the moon but..." because the fact is that even if we wanted to we couldn't, not without years of reinventing the wheel (or in this case, the Saturn V).

      See, the Russians never could get the lift needed to do the job, so they stopped trying. No-one else ever made a serious attempt except the Americans, and because the development of every phase of Apollo was farmed out under contracts covered by DoD strictures, the plans and records held by the various companies involved (Grumman, McDonnell-Douglas et al) were destroyed after 25 years as called for by law.

      Neither NASA nor the US Government ever bothered to undertake any kind of project to archive the whole thing (probably due to legal/cost issues), at least, not one anyone will admit to (and this would be a no-lose bragging right anyone would want).

      So the plain fact is we cannot, in fact, put a man (or a woman) on the moon today because we've forgotten how. Turns out real engineering is ever so much harder to do than Star Trek makes it look. Whooda Thunkit?

      The will to invest so much money in such a project simply isn't there in America today either. Hell, people resent the money spent on space today, and *that* keeps their cable TV and cell phones going. If you can't sell someone on an idea they already think is great, it's a canonical non-starter.

      I expect the next nation to pull off the stunt will be the Chinese, assuming they see a reason to go.

  3. mr.K


    Do not worry about poor aunt Mildred. We unplugged her years ago, on the basis that she actually wasn't all that poor.

  4. Joe 3

    Safari left out in the cold!

    There isn't a Safari one really, it isn't tailored at all - that's just Safari's standard JavaScript alert() call box. It's more likely the scammer's fall-back to 'unknown browser' (hence the IE-style that follows) - I dare say it behaves the same on other less well-used browsers.

    I've thought this for years though, browsers really should make it clear when a modal pop-up dialog box comes from a website instead of the OS - how about dimming the page in question and having the alert box fixed to the middle of the webpage? Using the same alert window style as the rest of the OS is just asking for trouble. (At least Chrome puts "The page at says" above, but it's still not distinct enough really.)

    1. jaduncan

      Happy days.

      "I've thought this for years though, browsers really should make it clear when a modal pop-up dialog box comes from a website instead of the OS - how about dimming the page in question and having the alert box fixed to the middle of the webpage?"

      Firefox 4 does exactly this, you'll be pleased to know.

    2. Mark Allen

      Dimming the page? Viruses already do that.

      How would dimming the page help? Viruses already do this. They have been mimicking the Windows PC warnings for a number of years now - and this includes the dimming to make the user know that the button appearing on screen is complex and technical and needs to be pressed. (How many home users really understand a UNC prompt? Many just hit OK without thinking)

      And it surprises me this is news, I have seen many variations of browser specific fake warnings in the past.

      What we need to REALLY worry about is the day they start proofreading their warnings!!

      1. Joe 3

        Re: my post above

        "How would dimming the page help? Viruses already do this." - Good point - pretty much anything which the OS does, VXers will attempt to fake. But at least if the webpage was dimmed and the alert was within its borders, users would be aware that the alert is coming from the webpage rather than the OS, so whether it was fake or not doesn't really matter as it's not as trusted as an OS dialog.

        Safari is particularly guilty in this case, as having a huge Safari icon to the left of the message could lead the casual user to think that the message is coming from the browser itself, rather than the site being viewed. (I remember finding wincleaner.exe on the desktop of my mum's G3 iMac - she said that the computer had said there was a problem and it needed to be downloaded. A classic example of a JavaScript alert looking far too official!)

        I doubt there's anything which can be done to stop users just clicking whichever button is flashing (minimum-time alerts?). Perhaps all this clicky-graphic stuff was wrong all along and it's time for us to go back to the command line! Anyone fancy starting a rural online community called the e-mish?

  5. Anonymous Coward

    Forget Manning and Assange....

    THESE virus writers / scammers / spoofers are the REAL bad guys.

  6. Franklin

    Not new

    I've seen scareware sites doing some crude browser user-agent checking for almost a year. Often, they simply return a blank page for browsers that aren't IE, but occasionally I've seen Safari-style, and once or twice Firefox-style, popups. They're not as sophisticated as the windows shown in this article, but the malware gangs have been aware of browser differences for a while.

  7. Simon Neill


    Just been handed the second laptop to get this.

    Thank you virus writers for giving me job security.

  8. Anonymous Coward


    Just when I thought it was safe to use Ebay again,,,
