0 Members and 2 Guests are viewing this topic.
Scammers are spoofing the anti-malware warnings of popular browsers to dupe Windows users into downloading fake security software, Symantec said Monday.Several malicious Web sites are displaying phony versions of the alerts that Google's Chrome and Mozilla's Firefox present when users encounter pages suspected of hosting attack code, said Symantec researcher Parveen Vashishtha in a post to the firm's blog.Rather than simply warn users that the page they're about to visit may be dangerous -- as do the legitimate alerts -- the sham versions also include a prominent message that suggests downloading a browser security update.In reality, no browser offers its users security updates from its anti-malware warning screen.Anyone who accepts the update actually downloads bogus software, often called "scareware" because it bombards users with endless fictitious infection warnings until people pay $40 to $50 to buy the useless program.Even the cautious can be nailed by these sites. Users who refuse the mock updates are assaulted by a multi-exploit toolkit that includes attack code for 10 different vulnerabilities in Windows, Adobe Reader, Internet Explorer and Java. Windows PCs that have been kept up-to-date with bug patches will be immune from the exploit kit, however."Malware authors are employing innovative social engineering tricks to fool users -- it's as simple as that," said Vashishtha.