Fake Antivirus Lives On, Now Infecting 200K WordPress Pages

A new series of mass-injections have been targeting WordPress sites as of late and appear to have already infected more than 200,000 web pages according to a report on Websense’s Security Labs blog earlier this week.

The injections lead unsuspecting users to a bogus AV site that appears to perform a scan on the computer, allegedly as part of a “Windows Security Alert.” The graphic that pops on screen resembles a Windows Explorer window that – after running the “scan” – encourages the user to download an anti-virus program that turns out to be a Trojan.

Websense notes that 85 percent of these compromised WordPress sites are hosted in the United States but goes on to warn that everyone is at risk when visiting sites like these.

Last November, Vyacheslav Zakorzhevsky, a Senior Malware Analyst in Kaspersky Lab’s heuristic detection group reported that he had actually been a decrease in the number of fake AV programs infecting users. While fake antivirus notifications may be in decline however, these fake “windows errors” notifications continue to persist.

For the full take on this, head to Websense’s Security Labs blog.