Scareware looks like a browser security warning with Microsoft like web design

A new deceptive trick was created by the scammers who develop scareware. The new malicious code called by specialists as Zeven was developed by fraudsters to automatically detect a user's browser before serving up a warning page that poses as the genuine pages generated by IE, Firefox or Chrome. Victims are warned about the putative infection in their systems to lure them into installing a fake anti-virus software package, called Win7 AV. Such warnings are generated from malicious scripts planted on compromised websites.

This time the crooks behind the social engineering scam rely on the fact that a user is more likely to trust a warning and security recommendation ostensibly generated from their browser software than a random "your security is at risk" pop-up. Moreover, the Win 7 AV scareware package at the centre of the scam is served from a site designed to look like the genuine Microsoft Security Essentials website, right down to a link to Microsoft Malware Protection Centre and a graphic illustrating awards bestowed upon of Redmond's freebie security scanner tool.

In an official blog post Microsoft says: “But for all three browsers, a common indication that you are not looking at the actual browser warning is the offer of some sort of an “update” or “solution”. All the “updates” point to a copy of MSIL/Zeven that promises to provide “a new approach to windows detection”. Internet Explorer, Firefox, and Chrome do not offer such a solution when a website is blocked.

“When installed, the product looks very genuine: it allows you to scan files, tells you when you’re behind on doing your updates, and enables you to tweak your security and privacy settings. These features are usually available in various legitimate antivirus solutions. However, the features don’t work; everything is there just to look nice, not to offer any kind of protection (just like in all other rogue antivirus programs).”

Microsoft further adds: “As usual with rogue scanners, although it “found” malicious files, it claims it cannot delete them unless you update. That implies that you need to pay for the full version, which has the ability to download updates. However, these files are totally bogus; no such files exist in the user’s computer.”