Safe PC Online Scan: Bogus Alert
Today I ran into a new fake antivirus scanner, "Safe PC Online Scan". It's just like the other fake online alerts but now with 50% more trickery and deception. On visiting, I'm redirected to an alert dialog. Following screenshots 1 through 4, (click them to see the full-sized images), watch how it works.
-
- 1. The first message I saw. I clicked the “X” to close it.
-
- 2. My browser goes full-screen, giving the impression I’m now in Windows Explorer! It looks like a virus scanner is running. Again, I clicked “X” to close the new dialog…
-
- 3. OMG! Is Windows telling me I’m actually infected? Browser popups can’t look like this so it must be Windows, right? On attempting to close the dialog, I initiate a download.
-
- 4. By clicking “X”, I was actually initiating a download!
Unlike other fake online AV scanners, this one managed to resize Firefox 3.5 to full-screen, creating the impression that Windows Explorer just opened. It creates a very convincing illusion of an AV scanner running, and if that doesn't convince the victim, it follows up with a fake Windows security alert. Clicking just about anything causes a download to initiate. Even attempts to close dialog boxes initiate downloads, bypassing normal Firefox security mechanisms.
