Fake AV’s double attack
Fake AV is regularly at the top of the lists of peddled malware, and part of the reason is that it is spread in many different ways: spam, compromised websites, SEO poisoning, etc.
Because it comes at you from two sides, its likelihood of succeeding is doubled. If either one manages to circumvent your defenses, you’re in for a ride! The installer file copies itself to your system, adds Registry keys to hook system startup and drops an .html file that will be loaded on your desktop instead of your chosen background. This is what it looks like:
Enough to frighten the nonprofessionals, don’t you think?
Anyway, after doing this, it inserts URLs that lead to the rogue software into IE’s list of trusted sites, downloads the fake AV from one of them and runs it on your computer. The name of this malicious program is Internet Security 2010, and its professional look can fool people unfamiliar with this kind of scam.
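
A triage sketch for the three changes described above (startup Registry keys, an .html wallpaper, URLs added to IE's trusted sites), added here as an example and not part of the original article. The article does not name the keys involved, so the standard Windows Run/RunOnce and ZoneMap\Domains locations are assumed, and the registry export it runs over is constructed.

```python
import re

# Constructed sample in "reg export" text form (not taken from the article;
# real exports are UTF-16, so decode them before calling triage()).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\Documents and Settings\\user\\Application Data\\example.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General]
"Wallpaper"="C:\\WINDOWS\\example-warning.html"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rogue.example]
"http"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, data) for each value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo .reg escaping
            yield key, m.group(1) or "(Default)", data

def triage(text):
    """Return findings for the three changes the article describes."""
    findings = []
    marker = '\\zonemap\\domains\\'
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith((r'\currentversion\run', r'\currentversion\runonce')):
            findings.append(("autorun", name, data))  # every entry needs review
        elif name.lower() == "wallpaper" and data.lower().endswith((".htm", ".html")):
            findings.append(("html_wallpaper", key, data))
        elif marker in k and data.lower() == "dword:00000002":  # zone 2 = Trusted sites
            findings.append(("trusted_site", k.split(marker, 1)[1], name))
    return findings
```

Autorun entries are listed rather than judged, since the article gives no file name or path for the installer; compare them against a known-good baseline for the machine.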