Posted by: Ken Harthun
I haven’t seen this one, but it seems to be quite nasty. The latest issue of Windows Secrets alerted me to it. Fred Langa posted a blow-by-blow account of an infection: http://windowssecrets.com/links/qivu6yl5kstcd/3a87b0h/
A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.
Fortunately, LizaMoon is easy to avoid if you know what to look for.
Using rogue-AV scare tactics, LizaMoon tries to trick you into running bogus security-scan and virus-cleanup tools on your PC — but it’s pure malware.
If allowed onto your PC, this particular ploy is especially troublesome because it can partially disable the Windows Security Center and change the Registry so that the full WSC can’t be restarted. It also interferes with Microsoft Security Essentials, if MSE is running. (You’ll find lots more LizaMoon news coverage via Google.)
Supposedly, infection peaked in October of 2010 at around 5600 affected sites, but it’s making a comeback, according to Langa. These things never really go away completely and often resurface. Be especially aware when searching sites on Google.