MSIL/Zeven malware impersonates warning pages
by Terryala on Galdiator Security Forums
Microsoft’s Malware Protection Center is reporting that a new strain of malware is impersonating malware warning pages. The rogue software, dubbed MSIL/Zeven, detects which browser it has been loaded into and displays a "Reported Attack Site" or "Reported phishing site" page in the style of that browser. It works with Internet Explorer, Chrome or Firefox, and the pages are "so accurate that it can trick even highly trained eyes", says Microsoft. It is, therefore, important to check any pages purporting to block access to dangerous sites in case they are actually bogus.
The only difference from the genuine pages, apart from some misspellings, is that the fake ones offer an option to "update" to fix the problem. The pages actually direct the user to download a rogue antivirus application, which requires the user to pay for an update so that it can delete the non-existent infections on the user’s computer. The purchase pages are a copy of Microsoft’s own Security Essentials web page, complete with links back to Microsoft to make them appear more authentic.