As the Websense ThreatSeeker Network claims, some of the well known rogue anti-spywares are using new ways of distribution. This fresh wave of mass-injections has been found to be directed against websites that are hosted by the WordPress content management system. According to the latest news, more than 200.000 webpages have been infected by trojan that hijacks visitors and redirects them to the websites hosting Rogue anti-spywares. Such sites are designed to make users download and install malware on their computers.
The three-level redirection scheme results in finding yourself on a fake website promoting malware. Though such websites are just a pop-up windows within the browser, they look like a Windows Explorer window that displays the full system scan and additionally shows for the victim how hard his/hers PC is infected with malware. Note that scanners also look like normal Windows application, so have no doubt and ignore “Windows Security Alert”. Typically, users are offered to download this fake antivirus application and “run” it in order to remove those trojans that are supposedly detected.
We must warn you about such compromised pages that distribute malware. Please, leave them right away after being redirected and don’t fall for downloading tools that are promised to help you with malware removal.