Cyber criminals has come with a new distribution model of a fake antivirus which attempts to fool customers thinking into that they are downloading updates from Microsoft’s Windows update website.
The page is nearly an exact replica of the real Microsoft Update page with one major exception… It only comes up when surfing from Firefox on Windows. The real Microsoft Update requires Internet Explorer.
The same site was also hosting the traditional Windows XP explorer scanner we have seen for years, as well as a new Windows 7 scanner.
Similar to spam messages that have corrected their grammar and use correct imagery and CSS, the attackers selling fake anti-virus are getting more professional.
They use high quality graphics and are using information from our UserAgent strings that are sent by the browser to customize your malware experience
Source : sophos