
New fake AV page uses Firefox internals

Most Fake AV pages mimic a Windows Desktop application running. In addition, the Fake AV pages have generally been the same regardless of which browser they are viewed in. I recently found a new type of Fake AV page that looks different on each browser. It also uses internal elements of those browsers.

Internet Explorer version

The version for Internet Explorer looks more like the previous pages I’ve seen.

Fake AV page for Internet Explorer

The malicious executable InstallInternetDefender_722.exe is detected by only 9.5% of the AV!

Virustotal results for malicious executable

Firefox version

The version displayed in Firefox browsers is very interesting. It looks like the security warning Firefox shows for malicious and phishing sites.

Fake AV page for Firefox

The source code shows that the page uses internal elements of the browser to construct the warning:

  • chrome://global/skin/netError.css
  • chrome://global/skin/icons/blacklist_favicon.png

Use of internal Firefox elements

The warning looks very legitimate.
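Because a page delivered from the web has no reason to pull in the browser's own UI resources, those `chrome://` references make a useful detection signal for crawlers and proxies. The scanner below is an added example, not code from the original post: it flags such references in HTML attributes and CSS, the `resource://` scheme is included as a generalization beyond what the post shows, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# Firefox-internal schemes: chrome:// is from the post, resource:// is an added assumption.
INTERNAL_SCHEMES = ("chrome://", "resource://")
URL_ATTRS = {"href", "src", "data", "action", "background", "poster"}
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")\s]+)|@import\s+['"]([^'"]+)""", re.I)

class InternalRefFinder(HTMLParser):
    # Collects (tag, location, url) for each browser-internal reference.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits, self._in_style = [], False

    def _check(self, tag, where, url):
        if url.strip().lower().startswith(INTERNAL_SCHEMES):
            self.hits.append((tag, where, url.strip()))

    def _check_css(self, tag, where, css):
        for m in CSS_URL.finditer(css):
            self._check(tag, where, m.group(1) or m.group(2))

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if value and name in URL_ATTRS:
                self._check(tag, name, value)
            elif value and name == "style":      # inline style attribute
                self._check_css(tag, "style", value)

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:                       # body of a <style> element
            self._check_css("style", "css", data)

def find_internal_refs(html):
    finder = InternalRefFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample, modelled on the two references quoted in the post.
SAMPLE = """<html><head>
<link rel="stylesheet" href="chrome://global/skin/netError.css">
<link rel="icon" href="chrome://global/skin/icons/blacklist_favicon.png">
<style>body { background: url(/img/bg.png); }</style></head>
<body><img src="https://example.test/logo.png"></body></html>"""

if __name__ == "__main__":
    print(*find_internal_refs(SAMPLE), sep="\n")
```

Any hit on a page fetched over HTTP(S) is worth a closer look; the heuristic only matches references written literally in the markup.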

Chrome version

Like for Firefox, the Chrome version looks like a legitimate browser warning.

First warning from the fake AV page

Fake AV page for Chrome

Safari version

For Safari, only the first popup box is tailored to the browser. The main page is the same as Internet Explorer.

Fake AV warning for Safari

Fake AV continues to evolve. This new version for Firefox will surely fool more than one user.

– Julien
