Security researchers from Sophos warn of a new scareware campaign that directs Firefox users to rogue pages mimicking the security alerts normally issued by the browser.Firefox leverages Google's Safe Browsing API to prevent users from visiting websites that have been flagged as malicious.
The Safe Browsing service aggregates information from various third-party sources and Google's own specialized crawlers.
When a rogue page is opened in Firefox, the browser displays a security alert informing the user about the request being blocked and providing them with several options.
According to the Sophos researchers, the people behind this recent scareware distribution campaign have cloned the page and modified it to appear as if a computer scan is also performed and infections are found.
"Mozilla Firefox recommends you to install proper software to protect your computer," the phishing page says and presents users with a "Start Protection" button.
Clicking the button will prompt people to download and install a rogue antivirus application whose purpose is to scare them into paying for a license to allegedly clean the fictitious infections.
The scam is browser-aware and will direct Internet Explorer users to a different page mimicking a classic Windows Explorer window.
"If you are a Firefox user and see a warning about viruses on your computer, you will know it is fake. Firefox does not include a virus scanner inside of it and it will only warn you about visiting malicious pages," advises Chester Wisniewski, a senior security advisor at Sophos.
Using fake Google Safe Browsing pages is not a new trick. The same technique has been used in a series of campaigns last year, with different pages mimicking alerts displayed by each browser.
Scareware pushers have also targeted Firefox users through fake "what's new" pages that are usually displayed after the browser is updated to a new version.