Having a freshly set up PC and virtual machine, I went looking for trouble. I did a search for “medical forum” and up popped a link for medhelp.org. I went to the site, created an account and then started navigating the site. BOOM, I was redirected to a site that faked looking like an anti-malware scan. It told me I had malware and asked if I wanted to install anti-malware software. “Of course” I said yes. IE’s SmartScreen, using its new reputation check, warned me that it was not a commonly downloaded file. But I persisted and went for the Run Anyway option. Windows 7 asked if I really wanted to give this download administrator privileges, and I said yes. So off went the installation.
The Rogue AV installation succeeded and took over my PC. All was lost. Of course I had multiple opportunities to block this attack, but I let the social engineering work. Total time from start to finish, less than 5 minutes.
Of course the really good news is that IE9’s SmartScreen worked perfectly and I really had to go out of my way to figure out how to run the Rogue AV’s setup. Another great reason to run IE9.