The latest nasty malware is getting even smarter—now it detects what browser you are using, and serves up a fake warning page that matches what you’d normally see.
Once you’ve seen the fake warning page on a web site, if you click anywhere else it’s going to try and get you to install the malware on your PC, with a fake recommendation from Google, Firefox, or IE that tells you to “upgrade” your malware protection. It’s evil of the worst kind.
But for all three browsers, a common indication that you are not looking at the actual browser warning is the offer of some sort of an “update” or “solution”. All the “updates” point to a copy of MSIL/Zeven that promises to provide “a new approach to windows detection”. Internet Explorer, Firefox, and Chrome do not offer such a solution when a website is blocked.
When installed, the product looks very genuine: it allows you to scan files, tells you when you’re behind on doing your updates, and enables you to tweak your security and privacy settings. These features are usually available in various legitimate antivirus solutions. However, the features don’t work; everything is there just to look nice, not to offer any kind of protection (just like in all other rogue antivirus programs).