Beware: Fake Browser Warning Delivers Malware

Threat analysts at PhishLabs have encountered a fake browser warning which, when acted upon, delivers the Zeus (Zbot) malware.

Credit: PhishLabs

Of course, this type of social engineering attack is quite commonplace these days, but what makes this one stand out, and the main reason we are bringing it to your attention, is the convincing nature of the warning message.

It includes the usual social engineering earmarks, preying on the fears of users…

We have detected unusual activities on your browser and the Current Online Document File Reader has been blocked base on your security preferences.

However, there are two key elements which differentiate this malicious prompt from most:

  1. The language and grammar used in this message are noticeably superior to the norm. Poor grammar and spelling are generally good indicators of fake warnings or messages, but this one, while still not perfect, is way more accurate than most.
  2. The design of the warning notice is also superior, closely resembling legitimate alerts issued by popular browsers.

Clicking the “Download and Install” button will, of course, lead to the Zeus malware, a highly malicious trojan that steals online banking credentials and makes infected computers part of a botnet.

Overall, we believe this one has the potential to fool quite a few unwary users, hence this advisory.

At the time of publication, the exact circumstances of how this fake notice is being delivered remain unknown. However, PhishLabs’ investigation is ongoing.

 

2 thoughts on “Beware: Fake Browser Warning Delivers Malware”

  1. It never ceases to amaze me how much work people put into making these things.
    Granted, English is not their primary language, they could have profitable employment, legitimately.
