The Little Blue Browser

I never cease to be amazed at the sleazy tricks that online scammers have when it comes to trying to dupe inexperienced Internet users. This one sort of speaks for itself (discovered by the folks at Webroot):

Windows users might see such a prompt if they visited one of several porn sites that try to exploit a series of Internet Explorer flaws to drop "Trojan horse" programs on the victim's PC that direct IE to www.microsofft.org (the URL in the address bar in the picture at right is spoofed with another IE exploit). I'm a little mystified as to why Microsoft hadn't already registered this rather obvious permutation of its trademark (this one was created in February) among several others I found within just a few seconds of searching the Web.

The porn site also installs a fake anti-spyware program that pops up a red "x" and displays a message that reads: "Your computer is in danger. Windows security center has detected spyware/adware infection. It is strongly recommended to use special antispyware tools to prevent data loss. Click here to install the latest protection tools!"

Of course the "protection tools" have already been installed by this point, and they include a fake anti-spyware tool called "Brave Sentry 2.0." This program is so brave that it identified no fewer than 23 threats on my system, including more than a few known Trojan horses. After some digging through the Windows registry and some startup folders, it became clear that Brave Sentry had planted these files on its own.

The your-IE-license-has-expired-go-buy-some-fake-Viagra ruse was a new one for me, but if you think people won't be taken in by it, think again. In a blog post a few weeks ago about SiteAdvisor, a company that makes a browser security add-on for IE (which was just bought by McAfee), I found a number of people who'd been duped into paying for copies of IE or Firefox by following sponsored links that showed up in a Google search for those titles.

On a side note, while SiteAdvisor generally does a good job identifying Web sites that have sketchy advertising or other business relationships with dodgy third-party sites, it didn't flag either of the online pharmacy stores implicated in this whole expired-IE scam (wowpills.com and howinstant.info) as suspicious.

Update, 5:46 p.m. ET: The folks over at Sunbelt Software tell me that Brave Sentry is in the same family of bogus anti-spyware tools as SpyAxe and SpySheriff, among others. If your machine has been infected with one of these programs, check out the information posted here.
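
The lookalike domain in this post, microsofft.org, is one keystroke away from the real name. As an added example (not from the original post or from Webroot), this Python code flags hostnames, for instance from proxy or DNS logs, whose registrable label is a single edit away from a protected brand; the brand list, the function names and every sample host other than microsofft.org are constructed for illustration.

```python
# Added example: flag hostnames one edit away from a protected brand label.
BRANDS = ["microsoft"]  # assumption: the brand labels you want to watch

def registrable_label(host):
    # Naive: take the label left of the TLD. Production code should use the
    # Public Suffix List so names under suffixes like co.uk are handled.
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify_lookalike(label, brand):
    """Name the single edit that turns `brand` into `label`, or return None."""
    la, lb = len(label), len(brand)
    if label == brand:
        return None
    if la == lb + 1:  # one extra character
        for i in range(la):
            if label[:i] + label[i + 1:] == brand:
                c = label[i]
                doubled = (i > 0 and label[i - 1] == c) or (i + 1 < la and label[i + 1] == c)
                return "doubled-char" if doubled else "inserted-char"
    elif la == lb - 1:  # one character missing
        if any(brand[:i] + brand[i + 1:] == label for i in range(lb)):
            return "omitted-char"
    elif la == lb:  # same length: substitution or adjacent swap
        diff = [i for i in range(la) if label[i] != brand[i]]
        if len(diff) == 1:
            return "substituted-char"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and label[diff[0]] == brand[diff[1]]
                and label[diff[1]] == brand[diff[0]]):
            return "transposed-chars"
    return None

def flag_hosts(hosts, brands=BRANDS):
    """Return (host, brand, kind) for every host that imitates a brand."""
    hits = []
    for host in hosts:
        label = registrable_label(host)
        for brand in brands:
            kind = classify_lookalike(label, brand)
            if kind:
                hits.append((host, brand, kind))
    return hits

# Constructed sample input; only www.microsofft.org comes from the post.
SAMPLE_HOSTS = ["www.microsoft.com", "www.microsofft.org", "mircosoft.example",
                "micosoft.test", "micr0soft.invalid", "example.org"]

if __name__ == "__main__":
    for hit in flag_hosts(SAMPLE_HOSTS):
        print(hit)
```

An exact brand label under a different TLD is not flagged here; that case needs an allowlist of the domains the brand actually owns.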

By Brian Krebs  |  April 19, 2006; 4:11 PM ET
Categories:  Safety Tips  

Comments

What??!? I have to purchase Viagra from Microsoft's pharmacy so its browser can remain stable longer? Hmmmm...what's Billy smoking these days.

Posted by: DOUGman | April 20, 2006 2:00 PM | Report abuse

I know I should be sympathetic, and obviously no one should be creating sites like in the first place (duh), but sometimes I just think: WHY are people so DUMB?

Posted by: h3 | April 21, 2006 10:16 AM | Report abuse

Brian,

You expected MS to have already registered the "microsofft.org" permutation of their name? Have you registered all permutations of "Brian" and "Krebs", to include .com, .net, .org, .biz, .info, etc? Why not?

Posted by: keydet89 | April 21, 2006 3:09 PM | Report abuse

keydet89 - MS to Brian Krebs is hardly a fair or comparable comparison.

Posted by: YupYup | April 21, 2006 4:55 PM | Report abuse

Recently, I use an offline browser tool, WebCloner. It is an offline browser and is the perfect tool for any Internet user to download rapidly and automatically large amounts of files from any website and organize them efficiently for later use.
http://www.yaodownload.com/internet-tools/browsers/webcloner/

Posted by: joe | April 22, 2006 3:03 AM | Report abuse

Internet security is a very important problem on the net. You should always protect your privacy; you'd better use IE Protector And Tracks Eraser, it's an internet privacy protection tool.

http://www.yaodownload.com/internet-tools/browsers/ieprotector-trackseraser/

Posted by: tom | April 23, 2006 8:55 PM | Report abuse

keydet89

With a company as large as Microsoft they should have every possible permutation there is for their name. For that matter, they should have hired a team of people just to sit around and think up different ones and register them. To compare them to "Brian Krebs" is stupid, they are a company with a huge target on their heads for just this kind of malicious use.

I also have to agree with earlier post that it's wrong, but damn it's funny that people are actually that stupid.

Posted by: bc | April 26, 2006 10:27 AM | Report abuse

Easy solution...don't look at porn...

Posted by: Joe | April 26, 2006 5:41 PM | Report abuse

licence for bravesentry

Posted by: alen | June 2, 2006 11:46 AM | Report abuse

© 2010 The Washington Post Company