SECURITY TO THE CORE

Reported Attack Page: The latest malicious trick from Security Tool (Rogue Anti-Virus)


Today, Security Tool, a very well-known rogue anti-spyware application, has come out with an innovative deceptive tactic to push its malicious rogue anti-spyware application.

Whenever an unsuspecting user visits the malicious page, they get a fake but authentic-looking Firefox “Reported Attack Page!”

As soon as users land on an infected/compromised webpage, they are told that “The URL is not valid and cannot be loaded” and are presented with an option to click “OK”.


After pressing the OK button, users see a fake Firefox “Reported Attack Page” which tricks them into believing that the webpage is infected and invites them to update their web browser.


Users who click the Download Updates button will end up with a file called “ff_secure_upd.exe” on Mozilla Firefox and “chrome_secure_upd.exe” on Google’s Chrome browser; either way, what they really get is the rogue AV application, which uses fake system alerts and falsified system scans to persuade them to purchase the Security Tool application.


Firefox users with scripts enabled need not even click the “Download Updates” button; they are simply prompted to click “OK” to download “Firefox secure updates.”


Clicking the “Cancel” button only results in a repeated warning that updates need to be downloaded.


So all in all, this compromised website will give you countless chances to download the so-called Firefox secure updates, which are actually an infamous misleading application called Security Tool.

This kind of approach is not new and has been demonstrated before by attackers.

And that’s not all. Security researchers from F-Secure reported that an iframe within the page loads the infamous Phoenix exploit kit from a different website, thereby exposing users to further exploitation.

Nowadays, malware authors are employing innovative tactics to fool users – it’s as simple as that. So users are advised to be extra careful when clicking on unverified or unfamiliar hyperlinks.

Users are also advised to keep their anti-virus applications up to date and, if possible, to use the script-blocking technologies available for their browsers, such as the NoScript extension for Firefox, which protects against XSS and clickjacking attacks and prevents exploitation of security vulnerabilities.
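For administrators, the two file names mentioned above can be hunted in web-proxy logs. The following is an added example, not code from the original post; the log format, the sample lines, the look-alike pattern and the vendor allow-list are all assumptions, and the pattern generalises beyond the two names reported here.

```python
import re
from urllib.parse import urlsplit

# File names given in the post for the fake "secure update" download.
KNOWN_LURES = {"ff_secure_upd.exe", "chrome_secure_upd.exe"}
# Assumption: looser pattern for look-alike browser "update" executables.
LURE_PATTERN = re.compile(
    r"(firefox|ff|chrome|browser)[\w.-]*upd[\w.-]*\.exe$", re.I)
# Assumption: hosts allowed to serve browser installers in this environment.
VENDOR_SUFFIXES = ("mozilla.org", "google.com")

# Constructed sample log: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2010-11-09T10:01:02Z 10.0.0.15 GET http://compromised.example/update/ff_secure_upd.exe 200
2010-11-09T10:03:40Z 10.0.0.22 GET http://compromised.example/update/chrome_secure_upd.exe 200
2010-11-09T10:05:11Z 10.0.0.15 GET http://download.mozilla.org/firefox_update.exe 200
2010-11-09T10:06:00Z 10.0.0.31 GET http://cdn.example/Firefox-Update-3.6.exe?id=7 200
2010-11-09T10:07:19Z 10.0.0.40 GET http://news.example/index.html 200
"""


def is_vendor_host(host):
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)


def find_fake_update_downloads(log_text):
    """Return (client, host, filename, reason) for each suspicious download."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, client, _method, url, _status = fields
        parts = urlsplit(url)
        filename = parts.path.rsplit("/", 1)[-1].lower()
        if filename in KNOWN_LURES:
            reason = "file name reported in the post"
        elif LURE_PATTERN.search(filename) and not is_vendor_host(parts.hostname):
            reason = "browser-update executable from non-vendor host"
        else:
            continue
        hits.append((client, parts.hostname, filename, reason))
    return hits


if __name__ == "__main__":
    for hit in find_fake_update_downloads(SAMPLE_LOG):
        print(hit)
```

Each hit identifies a client that fetched the lure, which is the machine to check for the rogue AV installation.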

Stay Safe, Stay Secured !!


One response

  1. Wow! what an idea ! What a concept ! Beautiful .. Amazing …

    November 10, 2010 at 04:44
