A large number of malicious websites are using social engineering techniques to display fake security alerts that resemble the legitimate warnings Firefox and Chrome display when a user navigates to a page that is suspected to be malicious.
The fake warning messages are essentially tricking computer users into downloading malware such as the 'Security Tool' rogue anti-spyware program.
The typical social engineering tactic of displaying a false warning message or security alert is nothing new to us because over the years we have witnessed literally hundreds of rogue applications that use this technique.
Have you ever seen a warning message similar to the one in Figure 1 below?
Figure 1. Legitimate Web browser 'warning' message of a possible 'attack site'.
Messages such as the legitimate one shown in Figure 1 are usually displayed when your web browser classifies a specific page as potentially harmful. Computer users have the option of 'ignoring the warning'. Recently, hackers have been mimicking this message and leading users to download malware such as the rogue anti-spyware application 'Security Tool'. Figure 2 below shows how the malicious web browser 'warning' message looks.
Figure 2. Malicious Web browser 'warning' message of an 'attack site' which leads to the download of malware.
Can you tell the slight difference between Figure 1 and Figure 2? In our recent discovery of these attacks, we identified the malware download as an executable that installs the Security Tool application. Security Tool is a fake anti-spyware application that uses money extortion tactics through the use of fake system alerts and fabricated system search results. The same creators of the rogues System Security and Total Security 2009 may also be behind these recent social engineering attacks.
It is evident that hackers and cybercrooks will continue to thrive on new and clever social engineering attacks because they work. Even some of our technicians have a hard time distinguishing legitimate warning messages from fake ones created by hackers. It is only after further investigating such threats that we are able to determine whether they are truly malicious. This is why computer users should always be proactive about keeping their system protected by installing and updating a good anti-spyware or anti-virus tool.