How long does it take to get infected with Malware? About 5 minutes

Having a freshly setup PC, and virtual machine, I went looking for trouble.  I did a search for “medical forum” and up popped a link for  I went to the site and created an account and then started navigating the site.  BOOM, I was redirected to a site that faked looking like an anti-malware scan.  It told me I had malware and asked if I wanted to install anti-malware software.  “Of course” I said yes.  IE’s Smartscreen, using its new reputation check, warned me that it was not a commonly downloaded file.  But I persisted and for the Run Anyway option.  Windows 7 asked if I really wanted to give this download administrator privileges, and I said yes.  So off went the installation.

The Rogue AV installation succeeded and took over my PC.  All was lost.  Of course I had multiple opportunities to block this attack, but I let the social engineering work.  Total time from start to finish, less than 5 minutes.

Of course the really good news is that IE9’s SmartScreen worked perfectly and I really had to go out of my way to figure out how to run the Rogue AV’s setup.  Another great reason to run IE9.

This entry was posted in Computer and Internet, Security and tagged , , , , . Bookmark the permalink.