The Little Blue Browser
I never cease to be amazed at the sleazy tricks that online scammers have when it comes to trying to dupe inexperienced Internet users. This one sort of speaks for itself (discovered by the folks at Webroot):
Windows users might see such a prompt if they visited one of several porn sites that try to exploit a series of Internet Explorer flaws to drop "Trojan horse" programs on the victim's PC that direct IE to www.microsofft.org (the URL in the address bar in the picture at right is spoofed with another IE exploit). I'm a little mystified as to why Microsoft hadn't already registered this rather obvious permutation of its trademark (this one was created in February) among several others I found within just a few seconds of searching the Web.
The porn site also installs a fake anti-spyware program that pops up a red "x" and displays a message that reads: "Your computer is in danger. Windows security center has detected spyware/adware infection. It is strongly recommended to use special antispyware tools to prevent data loss. Click here to install the latest protection tools!"
Of course the "protection tools" have already been installed by this point, and they include a fake anti-spyware tool called "Brave Sentry 2.0." This program is so brave that it identified no fewer than 23 threats on my system, including more than a few known Trojan horses. After some digging through the Windows registry and some startup folders, it became clear that Brave Sentry had planted these files on its own.
The your-IE-license-has-expired-go-buy-some-fake-Viagra ruse was a new one for me, but if you think people won't be taken in by it, think again. In a blog post a few weeks ago about SiteAdvisor, a company that makes a browser security add-on for IE (which was just bought by McAfee), I found a number of people who'd been duped into paying for copies of IE or Firefox by following sponsored links that showed up in a Google search for those titles.
On a side note, while SiteAdvisor generally does a good job identifying Web sites that have sketchy advertising or other business relationships with dodgy third-party sites, it didn't flag either of the online pharmacy stores implicated in this whole expired-IE scam (wowpills.com and howinstant.info) as suspicious.
Update, 5:46 p.m. ET: The folks over at Sunbelt Software tell me that Brave Sentry is in the same family of bogus anti-spyware tools as SpyAxe and SpySheriff, among others. If your machine has been infected with one of these programs, check out the information posted here.