Fake browser warnings lure victims to rogue AV solution

Certain compromised websites are detecting which browser (Firefox, Chrome, IE) the visitor is using and presenting a matching fake malware/reported attack warning that urges them to download an “upgrade”/“solution for malware protection”, Microsoft warns.

These fake warning pages are very similar to the legitimate ones that the respective browsers show when the user lands on a suspicious site:

But the glaring difference that should make any user pause and pay more attention is the aforementioned offer, which the legitimate pages never mention.

If the user falls for the scam and downloads the “update”, a fake AV solution that goes by the name Win7 AV will be installed on his or her computer.

This rogue looks pretty genuine. It apparently lets you scan files, warns you that you should update some of your software, and lets you manage your security settings, but it actually does none of those things. After you scan your computer with it, it naturally “finds” many threats (or “threads” – the bad spelling is also a warning sign!) on it.

To remove those threats, you must, of course, buy the full version. If you choose to do so, you are taken to the web page of the rogue antivirus program, which looks a lot like the Microsoft Security Essentials web page:

If you decide to buy the solution, an HTML window pops up that claims to allow you to purchase it while being protected by a “Safe Browsing Mode” and “high strength encryption”.
