Computeractive has uncovered a sophisticated phishing attack that fools people into downloading malicious software by mimicking a genuine Microsoft Windows security alert.
The attack is a variation on rogue antivirus software. The email includes a link that takes the victim to a fake phishing website. The words "You are here because one of your friends have [sic] invited you here. Page loading, please wait…" are shown and a fake Microsoft startup screen loads.
A menu bar appears and says "Microsoft Security Alert 2012 has found critical process activity on your PC and will perform fast [sic] scan of systems files."
It then appears to the victim as if their computer is being scanned in real time. A Windows security alert menu then pops up offering the options ‘Remove All’ or ‘Cancel’.
If the person clicks Remove All, a file called setup.exe is downloaded, which infects the PC with a Trojan that harvests people’s email contacts.
A video of the attack has been put online by a Computeractive team member.