Modern web depends on a variety of technologies – Flash, Java, ActiveX, etc. Interactive web sites often host a special code that need to be executed on your system. Otherwise you won’t see any animations or streaming videos, and you would be unable to use web-based applications and services.
However, freshly installed web browser or the operating system itself cannot run that code. You have to install specially designed software from third parties. Fortunately, in most cases the installation process is very simple and fully automated. Once a web page that requires a plug-in is loaded, you are prompted to install and download that add-on. All you have to do is click.
That’s cool as long as you visit legit sites. But what’s about malicious pages? Can they ask you to install “needed” plug-ins too? The answer is yes, they can. And it seems that malware makers have just begun using bogus error messages to trick victims into infecting their computers.
Take a look at the screenshots. What you see here are fake error messages saying that your browser cannot display an image file until you download new version of the ActiveX Object plug-in, which simply doesn’t exist.
After you click Continue or OK, the installation starts. But what you get is not an actual plug-in required to see something, but a downloader trojan that installs more malware in no time.
Not all messages can be trusted, even if you think that they come from a safe-looking site.
Learn more about a plug-in or an application that messages ask you to install. Simple Google search will answer all your questions. Don’t get used to clicking OK without reading the message. Lots of threats get into victim systems that way.