Clever social engineering. A malicious web page that tells you it's malicious.

98 points by FSecurePal, over 14 years ago

8 comments

nlh, over 14 years ago
So much of the protection from this sort of attack has to do with user training (or the lack thereof). We need the same sort of PR campaign / public service messages that aim to reduce drunk driving, lack of seat belts, etc.

And before you scoff at that, think of the economic cost of letting folks get "trojan'd" -- this helps build botnets, which have a measurable negative social impact on the Internet -- more spam, financial fraud, DDoS attacks, etc. Obviously not as severe as drunk driving deaths, but worthy of prevention nonetheless.

I know I'm trained -- I look at that "OK" button on the install dialog and my stomach churns. But others don't have this geek instinct, and that should be corrected.
trebor, over 14 years ago
I know a good number of people who would fall for this. Very clever to imitate the warning, I must say.
evoltix, over 14 years ago
It would be even worse if the malicious site was an exact copy of the true Firefox block page. So, when the user clicked on "Get me out of here!" it would prompt to install the rogue AV.
EGreg, over 14 years ago
That's what you get when your WARNING screen looks exactly the same as a screen that a website or app can cause you to display.

I have always wondered how the Mac OS password screen works (you know, the one where you are supposed to enter your system password). What if an app spoofs it? How would the user know the difference visually?
dean, over 14 years ago
I don't know. The first thing that occurred to me on viewing the warning is that Firefox is working as expected -- it is warning me about a malicious site. So why is it asking me to download updates when it appears to be working correctly? It's a contradiction. But maybe that's just me.
lelele, over 14 years ago
This attack would screw only Opera users. It would not work for users of IE and Firefox and Chrome, who at least know to look for the signature checking, because all such browsers will flag the downloaded executable such that Windows will check its signature before running it.
danielnicollet, over 14 years ago
This is smart but nothing new in the sense that people have used fake antivirus warnings, fake Windows error messages, etc. for years now to push you to click on some sort of buttons which would then lead you to a binary install with spyware.
tickle_me_elmo, over 14 years ago
I don't know which Alanis Morissette song the author is referring to.