Microsoft Warns of Deceptive Rogue:MSIL/Zeven Badware
Badware uses replicated browser warning pages to send users to fake antispyware site.
Since most fake antispyware threats go away after a few days, they usually fly under the radar of the major software companies (with rampant pests like Security Suite and Antimalware Doctor being exceptions that prove the rule). But today, Microsoft is taking notice of last week’s Win7 AV virus due to the unique tactics these crooks are using to promote their badware.
The scareware officially known as Rogue:MSIL/Zeven, which promotes Win7 AV, has been programed to recognize what type of browser you’re using so it can perfectly replicate your browser’s built-in warning page. For example, I use Chrome so I’m constantly seeing this in my badware research:
With the Rogue:MSIL/Zeven virus, the links on this screen would take me to a Win7 AV website that looks almost exactly like a legitimate Microsoft Security site—complete with a full-version payment option front and center—and then I’d be well on my way to contracting a nasty badware infection.
I guess this means we can’t trust our browsers anymore, so we might just have to fall back on good old common sense—and here are the lessons we’ve learned:
- If your browser automatically directs you to a site that doesn’t look right, approach with caution.
- Don’t download anything you’re not sure about.
- Read up on all antivirus products before paying for them. A quick Google search of Win7 AV reveals that it’s a fake.
