Rogue:MSIL/Zeven creates fake warning pages which are very similar to the real thing.
It is all part of a cunning social engineering scheme, but in this case the malware authors are relying on the user’s faith that their browser at least always tells them the truth.
The malware looks real. It allows you to scan files, tells you when you’re behind on your updates, and enables you to change your security and privacy settings. In fact it can even find malicious files, but of course it cannot delete them unless you update, which requires paying for the full version.
If you are dumb enough to buy the product it will open a window that provides a useless “Safe Browsing Mode” with super strong encryption.
What seems to have got Microsoft’s goat is that the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage. They even copied the awards received by MSE and a link to the Microsoft Malware Protection Centre.
Of course none of the three browser makers would ask someone to download and install something, shelling out some cash in the process.
The Firefox warning page has a typo where one of the buttons says “Get me our of here”.