Security Corner

Apr 8 2011   12:20PM GMT

Beware LizaMoon Rogue-AV

Ken Harthun Ken Harthun Profile: Ken Harthun

I haven’t seen this one, but it seems to be quite nasty. The latest issue of Windows Secrets alerted me to it. Fred Langa posted a blow-by-blow account of an infection:

A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.

Fortunately, LizaMoon is easy to avoid if you know what to look for.

Using rogue-AV scare tactics, LizaMoon tries to trick you into running bogus security-scan and virus-cleanup tools on your PC — but it’s pure malware.

If allowed onto your PC, this particular ploy is especially troublesome because it can partially disable the Windows Security Center and change the Registry so that the full WSC can’t be restarted. It also interferes with Microsoft Security Essentials, if MSE is running. (You’ll find lots more LizaMoon news coverage via Google.)

Supposedly, infection peaked in October of 2010 at around 5600 affected sites, but it’s making a comeback, according to Langa. These things never really go away completely and often resurface. Be especially aware when searching sites on Google.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: