Sophos Urges Vigilance Over Fake Firefox AV Warnings

Security expert Sophos has warned users of the Firefox web browser to be wary of false virus warnings.

So wrote Chester Wisniewski, senior security advisor at Sophos Canada on his blog on the Sophos Naked Security site.

He warns that the advanced ‘scareware’ campaign essentially presents Firefox users with fake warnings that are designed to scare them into believing their computer is infected.

Advanced Scareware

According to Wisniewski, users may see a genuine-looking ‘Firefox security alert’, which displays a convincing system scan, including a progress bar and the names of malware supposedly found in files on the victim’s machine.

This fools users into thinking their PCs are under attack or infected, and prompts them to pay in order to clean up non-existent malware infections.

It should be noted that Internet Explorer users are not immune. IE users apparently get the standard “My Computer” dialogue that appears to do a system scan inside their browser window.

“Taking advantage of detailed information about the person’s computer and software allows for a much more specific, believable social engineering attempt,” said Wisniewski. “We are likely to continue to see these criminals targeting each operating system, browser and any other details that can be gleaned from HTTP requests sent from our devices.”

Wisniewski warns that if users are fooled into clicking on the “Start Protection” button, they will download a fake anti-virus program which will perform exactly the way you would expect a fake anti-virus program to. “It will faithfully detect fake viruses on your computer until you register it for $80 (£48) or more,” he wrote.

“If you are a Firefox user and see a warning about viruses on your computer, you will know it is fake. Firefox does not include a virus scanner inside of it and it will only warn you about visiting malicious pages,” Wisniewski wrote. “If you get a warning about a dangerous website from Firefox you can always play it safe… Close the browser.”

MacDefender Threat

Most of the current scareware attention of late has been focused on MacDefender, which started making its rounds in the Mac ecosystem during May.

Apple took a long while to admit it was actually a malware threat at all, despite Sophos warning back in June last year that Apple users do not take their security seriously enough.

Scareware or fake anti-virus threats look to exploit user fears about viruses and dupe users into believing their computer has problem, when it does not.

Mobile Handsets

Sophos says that scareware is typically planted on websites in the form of pop-up advertisements or disguised downloads. There have also been occasions when hackers have spammed out scareware, or links to it, using traditional social engineering tricks to fool users into clicking on the attachment or link.

Last month an anti-malware researcher warned that fake antivirus scanners are now migrating across to mobile handsets.

Dinesh Venkatesan warned that a rogue antivirus masquerading as a Kaspersky Lab antivirus scanner has been spotted on mobile devices. That scam was designed to trick Russian-speaking users into paying for bogus mobile protection.