Scareware Webpages

Many computers are coming into CTS with a kind of malware called "Scareware" installed on them.

Typically, while you're surfing the web, an attacker inserts a malicious piece of code into a webpage, often via an advertisement or a redirect to another page. That code pops open a new browser window on your computer claiming that your computer is infected with all kinds of viruses and spyware.

The page then instructs you to "click" or "install something" to remove the items. Once you do, you've been tricked into infecting your computer with malicious software.

Never click on something that looks like anti-virus software unless the title box says "F-Secure" or "Sophos" (campus-owned computers) or shows the title of your anti-virus program at home.

More information about Scareware can be found here:

http://en.wikipedia.org/wiki/Scareware

Anatomy of a Scareware Page

Below is an example of a Scareware webpage and notes about everything that is wrong with it.

  1. Note how it is made to look like "your computer" to try to trick you.
  2. Note that it appears "inside" your web browser. Even more humorous is that the screenshot below was taken on a Mac, which looks nothing like Windows in terms of dialog boxes, icons, etc.
  3. If you were to try to drag the "Windows Security Alert" window, it wouldn't move. It's actually part of the web page.
  4. If you were to click "Remove All", it would attempt to download and install the malware payload, often without any further warnings.
  5. Sometimes it will fill your entire screen. If your anti-virus normally does not do this (computers on campus with F-Secure and Sophos do not take over your screen), you're likely being fooled.

[Screenshot: example Scareware webpage]