One of the most popular tricks in the Malware Handbook is to fool users into installing fake antivirus software. You've seen the bogus warnings before, the ones telling you your PC is infected with viruses, and all you have to do to restore order is download and install whatever fake antivirus software is on your screen. Savvy PC users recognize this as a scam designed to get users to unwittingly install real malware under the guise of a helpful product, and the reason it still works is because malware writers keep finding new and creative ways of dishing up their bogus software.
According to security firm Sophos, one of the latest scams is to detect your user-agent string from your browser and display a fake Firefox security alert if you're using Mozilla's Firefox browser. Internet Explorer users get the generic "My Computer" dialog box, but the fake Firefox warning looks legit except for one thing -- Firefox doesn't include a built-in virus scanner and only warns against visiting malicious pages, not specific viruses.
Another clever trick currently making the rounds is to spoof Microsoft Update. Once again, it's Firefox users who appear to be the most popular target as of late.
"The page is nearly an exact replica of the real Microsoft Update page with one major exception... It only comes up when surfing from Firefox on Windows," Sophos warns. "The real Microsoft Update requires Internet Explorer."
It used to be that these two-bit spoof jobs were littered with grammatical errors, but attackers have started to clean up their act with professional looking pages and, more recently, clever attacks aimed at a specific set of users (Firefox).