A website injection attack designed to trick people into installing fake Microsoft support software was discovered last week:
The so-called “mass-injection” attack, which experts say is the largest of its kind ever seen, has managed to insert malicious code into websites by gaining access to the servers running the databases behind the Internet, according to the technology security company that discovered it.
According to a Websense alert, the attacks started with the domain Lizamoon.com, which was created with false information. The attack dubbed “LizaMoon” redirects the user to a fake Microsoft “Windows Stability Center” which then claims that there are problems with your system and offers a software fix for a charge.
The Websense update on the attack states:
"The LizaMoon mass-injection campaign is still ongoing and more than 500,000 pages have a script link to lizamoon.com according to preliminary Google Search results. We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally thought. All in all, a search on Google returns more than 1,500,000 results that have a link with the same URL structure as the initial attack. Google Search results aren't always great indicators of how prevalent or widespread an attack is as it counts each unique URL or page, not domain or site, but it does give some indication of the scope of the problem if you look at how the numbers go up or down over time."
Microsoft does not have a “Stability Center”, and it is not known yet if this is an identity theft ring or just a ploy to install malware on unsuspecting users machines.
Always be leery of online anti-virus messages, especially those that appear to auto-inspect your machine and tell you that viruses were detected.
Do not click any options in dialogue boxes that may appear, asking if you want to install the software. You best bet is to close the window and if it won’t allow you to do so, use task manager to close the program.
Source: Cyber Arms