In a recently discovered spam e-mail campaign promoting fake AV, the links in the messages take users to one of more than 300 compromised domains.
“Unsurprisingly, the fake antivirus detects plenty of viruses. Decompressing the Flash file and analyzing it shows a huge list of files contained within it. The Flash movie then simply picks some of these at random and claims they are infected (with equally random virus names).”
Users are then offered the option of removing all the found malware. If they choose not to, they are bombarded with warnings about an imminent system crash and urged to change their decision. If they choose to remove the malware, they are offered a download called “Windows Risk Minimizer”. Once run, the fake solution appears legitimate. It also runs a scan and finds the system is overrun with malware.
If users still do not buy a subscription for the solution and close the window, the fake AV will vex them with pop-up warnings and balloon messages claiming that a program was blocked from stealing data or that identity theft is in progress, or threatening prosecution. It then claims the problems can be solved by buying a lifetime subscription and support for the fake AV for $99.
From Help Net Security