Dodgy Windows virus scanner on FreeBSD!


For some reason this evening, while searching for information about how to grate cheese using only rubber bands MacGyver style (or maybe while I was searching for SQLite information for Ruby, I don't remember), a random message box popped up:

Your Windows installation could be infected with viruses!

Given I'm on FreeBSD (they didn't even check whether their victim was running Windows?!), just for a laugh I decided to click OK and see what they showed!

Really dodgy fake Windows virus scanner

I was expecting the usual silly-looking website with affiliate links for piles of overpriced and unnecessary security software, but instead a fake scanner screen drawn entirely in the browser appeared, complete with animated progress bars and a growing list of "infections" that the "software" had "detected". When it was done, another fake message appeared which linked to an executable file to download, presumably containing spyware or a virus. Looking at the page source, every button triggered the same JavaScript download function.

ASIDE: The JavaScript code took up more space than any of the HTML. I’ve never seen that before, quite eye opening. Scams like this need more 1337 programming skills than I thought. And all the more reason to disable JavaScript except for trusted sites!
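A defender-side way to turn the tells described above into a check, as an added example that is not code from the original post: it parses a page with the standard library and flags the combination of several buttons wired to one handler, a reference to an executable download, and markup that is mostly script. The sample page is constructed for the example and is not the real scam page.

```python
import re
from collections import Counter
from html.parser import HTMLParser

EXE_RE = re.compile(r"[\w./-]+\.(?:exe|msi|scr)\b", re.I)  # files the OS would run natively

class _Collector(HTMLParser):
    """Collects onclick handlers, executable references and inline script size."""
    def __init__(self):
        super().__init__()
        self.handlers, self.exe_refs, self.script_chars = [], [], 0
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("button", "a", "input") and a.get("onclick"):
            self.handlers.append(a["onclick"].strip())
        self.exe_refs += [v for v in (a.get("href"), a.get("src")) if v and EXE_RE.search(v)]
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script": self._in_script = False

    def handle_data(self, data):
        if self._in_script:                        # inline JavaScript body
            self.script_chars += len(data)
            self.exe_refs += EXE_RE.findall(data)   # e.g. the download target

def analyze(html):
    """Return the scareware indicators found in one page and a combined verdict."""
    c = _Collector()
    c.feed(html)
    top = Counter(c.handlers).most_common(1)
    shared = bool(top) and top[0][1] >= 3        # several buttons, one function
    exe = bool(c.exe_refs)
    return {"shared_handler": shared, "exe_download": exe,
            "script_heavy": c.script_chars > len(html) / 2,
            "scareware_like": shared and exe}

# Constructed sample modelled on the page the post describes, not the real one.
SAMPLE_PAGE = """<html><body>
<p>Your Windows installation could be infected with viruses!</p>
<button onclick="download()">Remove all</button>
<button onclick="download()">Protect now</button>
<input type="button" onclick="download()" value="OK">
<script>
function download() { window.location = 'Scanner_Setup.exe'; }
// ... animated progress bars and the growing list of "infections" ...
</script>
</body></html>"""
```

Run `analyze(SAMPLE_PAGE)` to see all three indicators reported; on an ordinary page with distinct handlers and no executable link the verdict is false.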

I must say, despite the fact the Windows logo is different in four different places and the grammar is terrible, the animations and fake scan results are pretty well done. For most savvy and intermediate computer users the flaws would be pretty obvious and they'd probably laugh them off, but the scary thing is I'm sure there are plenty of people who would find this whole shameless charade convincing. Just like all these hoaxes, they seem to target this group; heck if they can net one person out of a few thousand, the whole exercise has been… how does Richard Quest put it… profitable.

Malware distributor, I stick my tongue out at thee!

For what it's worth though, and on the bright side, it was really hilarious seeing this whole thing act itself out… in KDE on a FreeBSD machine where the windows look completely different, the colours don't match, the fonts aren't even the same and the .exe file it tried to download to the machine wouldn't have been able to run itself even if it did make it to the hard drive to start off with!

Sorry guys, there's no Microsoft Windows code to exploit on this machine!

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!
