How-To Geek

New Malware Detects Your Browser, Spoofs Warnings to Trick You

The latest nasty malware is getting even smarter—now it detects what browser you are using, and serves up a fake warning page that matches what you’d normally see.

Once you’ve seen the fake warning page on a web site, if you click anywhere else it’s going to try and get you to install the malware on your PC, with a fake recommendation from Google, Firefox, or IE that tells you to “upgrade” your malware protection. It’s evil of the worst kind.

But for all three browsers, a common indication that you are not looking at the actual browser warning is the offer of some sort of an “update” or “solution”. All the “updates” point to a copy of MSIL/Zeven that promises to provide “a new approach to windows detection”. Internet Explorer, Firefox, and Chrome do not offer such a solution when a website is blocked.

When installed, the product looks very genuine: it allows you to scan files, tells you when you’re behind on doing your updates, and enables you to tweak your security and privacy settings. These features are usually available in various legitimate antivirus solutions. However, the features don’t work; everything is there just to look nice, not to offer any kind of protection (just like in all other rogue antivirus programs).

Rogue:MSIL/Zeven wants a piece of the Microsoft Security Essentials pie [Microsoft]

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis.

  • Published 09/5/10

Comments (10)

  1. buddyboy9

    Thanks for the heads up! People ruin everything!

  2. Steven Torrey

    So why didn’t you give instructions on how to get rid of it? That makes you as irresponsible as the malware!

  3. JonMCC33

    @Steven, just have a proper AV solution. Most of these are blocked if you have a good AV program that is up to date.

  4. Barnabas

    He would have given us a “how to remove” if it’s there…

  5. NomadWanderer

    The authors of this program also consistently spell threat as thread. Yay for the good old English language

  6. Ravi Boodle

    Crazy thought here… Maybe they’re spelling “threat” as “thread” because their 1st language isn’t English?

  7. Wolfalar

    Malwarebytes will get rid of it. Download to computer after safe sign on with internet access then run it. I have had to use it twice to remove it from two different computers. Sounds like Personal Security Virus that’s been out for a while.

  8. Bob Smith

    thank you opera!

  9. JimRod

    Oh dear, I was hoping I’d found a site that didn’t have grammar Police patrolling it.

  10. Glenn

    There’s another nasty program like this that, if caught by your security center, will be called iwpiocrshdw.exe. This sucker is nasty and won’t let you visit any websites, nor open any programs, insisting (in a very Windows Security Center kind of way, with a bubble popping up from the toolbar) that the program you are trying to open, wmplayer.exe for instance, is infected. It then prompts you to buy very official looking software from a website.
