An improved set of high volume injections has been targeting WordPress pages. It appears that the malware has already compromised over 200,000 websites.
The mass-injections direct potential victims to a false AV site which performs a scan on the device as an element of Windows Security Alert. The window that appears on the screen after the “scan” reminds of a Windows Explorer window which prompts to install an AntiVirus system. This “AntiVirus” system turns out to be a malicious Trojan.
According to Websense Security Labs blog, 85% of the infected WordPress Websites are hosted in the USA. However, the threat goes to everyone who visits these compromised sites.
Senior Malware Analyst Vyacheslav Zakorzhevsky announced that the number of fraudulent AntiVirus programs has been decreasing. Even though false AV notifications fall, those false “windows errors” pop-ups remain.