Rogue AV - Microsoft Warns of Rogue Antivirus Attack - eWeek Security Watch
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Microsoft Warns of Rogue Antivirus Attack

Written By
Brian Prince
Brian Prince
Sep 7, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft is advising users to be wary of a rogue antivirus program that creates fake warnings that appear to come from the user’s browser.

The program, called MSIL/Zeven by Microsoft, detects what browser is being used and then launches a page virtually identical to pages generated by Internet Explorer, Google Chrome and Mozilla Firefox that warn users when they are about to surf to a malicious site.

A key difference is that there will be a place on the page for users to click to download an antivirus program to protect them.

“All the ‘updates’ point to a copy of MSIL/Zeven that promises to provide ‘a new approach to windows detection,'” blogged Daniel Radu of Microsoft Malware Protection Center Dublin. “Internet Explorer, Firefox and Chrome do not offer such a solution when a Website is blocked. When installed, the product [Win7 AV] looks very genuine: It allows you to scan files, tells you when you’re behind on doing your updates, and enables you to tweak your security and privacy settings. … However, the features don’t work; everything is there just to look nice, not to offer any kind of protection.”

When another warning appears telling users about malicious files discovered on the machine, users are told the files cannot be deleted until they update. The idea is to get users to pay for the full version of the product, which has the ability to download updates, Radu wrote. However, these files “are totally bogus.”

“If you decide to buy the product, this rogue opens an HTML window enabled with ‘Safe Browsing Mode’ and high strength encryption to ‘help’ and ‘protect’ you while completing your purchase,” he blogged. “Of course, these features are totally worthless and don’t actually do anything in the way of securing your credit card details.”

The main page of the fake AV itself is designed to look similar to the Microsoft Security Essentials Web page, Radu noted.

“The people behind it have even copied the awards received by Microsoft Security Essentials and link to the Microsoft Malware Protection Center – pretty sneaky of them,” he blogged.

Microsoft couldn’t say much about the attack vector the mind or minds behind Zeven are using to infect people in the first place, but told eWEEK users should keep their computers protected with up-to-date antivirus.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information