One of the more common malware scams these days is fake antivirus popups – these are browser windows dolled up to look like Windows Vista or Windows 7 and designed to trick the unwary user into thinking that his or her computer is infested with something malicious. According to the Internet Storm Center, there is another outbreak of these on Twitter today.
Generally, there are two different attacks going on here. The first is that the browser is downloading and attempting to execute some malware payload while the fake AV distracts the user. The second, which only some of these scams attempt, goes even further: it prompts the user to enter credit card details to buy the “full version” of the software. The full version does nothing, of course, but by the time the victim realizes that, he or she is already out the money and has turned the credit card number over to a pack of criminals.
This is bad.
If you get an antivirus popup, be absolutely certain that it is from a legitimate piece of software running on your computer. As you can see from the screenshot above, the fake ones often fail to obscure the location bar and the other browser controls; some are more sophisticated than others, of course, but most of them are fairly obvious fakes like this one. And remember that no legitimate antivirus vendor will accost you for additional payment to remove a virus. That’s another sign that you’re being duped.