It seems SEO poisoning is the current "trend" for directing users to rogue antivirus software. These SEO poisoning attacks usually exploit major news topics, the latest of which is the September 29th earthquake off Samoa, which triggered a tsunami warning for numerous South Pacific islands, as well as Hawaii.
Readers looking for news articles on the earthquake may come across this page in the Google search results:
On clicking the link, the user is redirected to a series of sites via 302 redirects: The final landing page warns the user that their "system is infected":
The Windows Security Center warning looks authentic enough, but it is fake. Users are prompted to download rogue antivirus software.
As usual, be careful when browsing. These websites are blocked by our Browsing Protection.
—————
Updated to add: Looks like tweets are also being used to direct people looking for tsunami news to rogue AV. Searching Twitter with the term "tsunami" turned up the following tweet:
Which lead to the following message:
How nice, a free system scan. Then a notification that "Your computer is infected" appears:
Note that the whole "folder" is really just an image. Users then get messages asking them to download a rogue AV to clear the supposed infections.
