Beware: Fake Browser Warning Delivers Malware

Threat analysts at PhishLabs have encountered a fake browser warning which, when acted upon, delivers the Zeus (Zbot) malware.

Credit: PhishLabs

Of course, this type of social engineering attack is quite commonplace these days but what makes this one standout, and the main reason we are bringing it to your attention, is the convincing nature of the warning message.

It includes the usual social engineering earmarks, praying on the fears of users…

We have detected unusual activities on your browser and the Current Online Document File Reader has been blocked base on your security preferences.

However, there are two key elements which differentiate this malicious prompt from most:

1. The language and grammar used in this message is noticeably superior to the norm. Poor grammar and spelling are generally good indicators of fake warnings or messages, but this one, while still not perfect, is way more accurate than most.
2. The design of the warning notice is also superior, closely resembling legitimate alerts issued by popular browsers.

Clicking the “Download and Install” button will, of course, lead to the Zeus malware, a highly malicious trojan that steals online banking credentials and makes infected computers part of a botnet.

Overall, we believe this one has the potential to fool quite a few unwary users, hence this advisory.

• Read the PhishLabs report in full here: Zeus malware distributed through browser warning: social engineering at its finest

**At time of publication, exact circumstances of how this fake notice is being delivered remain unknown. However, PhishLabs’ investigation is ongoing.