Firefox users are being targeted by a new scam that tries to load a user’s PC with fake antivirus software using a passably convincing version of the Windows Update page.
The affected user sees an almost exact replica of the Microsoft update page, but there is a difference. This works only in Firefox, while the real Microsoft update site requires you to use Internet Explorer.
The same site was also hosting the traditional Windows XP explorer scanner for years, as well as a new Windows 7 scanner.
The attackers selling fake anti-virus are getting more professional. They use high quality graphics and are using information from UserAgent strings that are sent by the browser to customise your malware experience.
Graham Cluley, Senior Technology Consultant at Sophos, said, “Users need to be more vigilant than ever before as bogus security alerts pop-up in their browsers. Fake anti-virus attacks are big business for cybercriminals and they are investing time and effort into making them as convincing as possible. Malicious hackers are using smart social engineering tricks more and more often, and the risk is that users will be scared by a phoney warning into handing over money to fix problems that never existed in the first place”.
So Just like visiting your bank, you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software.