As I mentioned last week, more Fake AV pages are once again showing up in popular Google searches. Although these malicious pages look the same as they did 2 years ago, the source code is different.
|Download the malicious executable with wget|
|Fake AV page|
|The google() function|
The animations (blinking text, scanning progress bar, etc.) are all done with animated GIF files.
Overall,these Fake Av pages are low tech, very unique and very easy to track .... but still very effective. Desktop antivirus, often the only protection available to home users, generally fails to block the page and fails again to block the malicious executable.