Symantec said that spam messages promoting the fake anti-virus software, known as scareware, contain links to compromised domains, which redirect users to the scareware site. The company said that is somewhat unusual that scareware is being sent through a webmail service, rather than arriving through drive-by exploits.
"When opening the fake anti-virus site, the user is greeted with a JavaScript alert message, whereby the fake antivirus...claims that your machine is infected. When OK is clicked, a fake scan is carried out”, Symantec researcher Nick Johnston explained.
The bogus website uses Flash-based technology to make it appear that it is “scanning” the computer for viruses. A “Windows Security Alert” dialog box appears, indicating that viruses have been detected.
If the recipient tries to exit, a series of alarming messages pop up warning the user that their computer is “at risk” of various calamities. For just $99.90, the user can buy the useless software to prevent these things from happening. But if you are not happy with the “software”, the website offers you a 30-day money back guarantee. Good luck redeeming that guarantee.
“To avoid getting infected with fake ant-ivirus software, ensure you keep your operating system, Web browser, and anti-virus software up to date with all security patches”, Johnston advised.