Everyone has seen a fake virus infection Web page from time to time. They pop up on your screen looking like a perfectly normal Windows page except they tell you that your PC is infected by a virus and you need to click here to either fix the problem or download a program that will clean out the bug for you. The only problem is it's a lie. It's actually an attack designed to get you to download malware.
Usually these fake Windows pages (they're actually Web pages) pop up when you're visiting a dodgy Web site. But, even the New York Times isn't immune to attacks like this. Over this last weekend, September 12-13, I was startled to see an apparent Windows page show up that read, "Warning!!! Your system requires immediate anti-viruses scan. Personal Antivirus can perform fast and free virus malicious software scan of your computer."
Now, I wouldn't fall for this, but I can see how many people would. At a glance, it looks real and the last thing most people expect to see coming from the New York Times is malware. But, that's exactly what it was.
The paper confessed to the problem, stating that "NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software. We believe this was generated by an unauthorized advertisement and are working to prevent the problem from recurring. If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser."
That's good advice. When you're on a Windows PC, you shouldn't click on any part of the fake message. No, not even cancel. Any click might start a malware download.
In the event, this particular attacker was even cruder. If you clicked on it, you wouldn't get malware, you'd get an endless series of scareware messages until you either rid yourself of the program or 'buy' the software by entering your credit-card number. After that, you might as well call up your credit-card company and get a new card. Your credit card information has just been stolen.
The Times has dealt with the problem on their end, so you won't see this particular nuisance from their site again. But, the iFrame injection attack behind that fake page is an extremely common kind of XSS (cross-site scripting) attack.
Since the problem starts at a Web site that has either been compromised or, in the case of the NYT, tricked, there's not a lot you can do to prevent the attack on your side.


