Having a freshly setup PC, and virtual machine, I went looking for trouble.  I did a search for “medical forum” and up popped a link for medhelp.org.  I went to the site and created an account and then started navigating the site.  BOOM, I was redirected to a site that faked looking like an anti-malware scan.  It told me I had malware and asked if I wanted to install anti-malware software.  “Of course” I said yes.  IE’s Smartscreen, using its new reputation check, warned me that it was not a commonly downloaded file.  But I persisted and for the Run Anyway option.  Windows 7 asked if I really wanted to give this download administrator privileges, and I said yes.  So off went the installation.

The Rogue AV installation succeeded and took over my PC.  All was lost.  Of course I had multiple opportunities to block this attack, but I let the social engineering work.  Total time from start to finish, less than 5 minutes.

Of course the really good news is that IE9’s SmartScreen worked perfectly and I really had to go out of my way to figure out how to run the Rogue AV’s setup.  Another great reason to run IE9.