A website injection attack designed to trick people into installing fake Microsoft support software was discovered last week:
The so-called “mass-injection” attack, which experts say is the largest of its kind ever seen, has managed to insert malicious code into websites by gaining access to the servers running the databases behind the Internet, according to the technology security company that discovered it.
According to a Websense alert, the attacks started with the domain Lisamoon.com, which was created with false information. The attack dubbed “LizaMoon” redirects the user to a fake Microsoft “Windows Stability Center” which then claims that there are problems with your system and offer a software fix for a charge.
Microsoft does not have a “Stability Center” and it is not known yet if this is just an identity theft ring or just a ploy to install malware on unsuspecting users machines.
Always be leery of online anti-virus messages, especially those that appear to auto-inspect your machine and tell you that viruses were detected. Do not click any options in dialogue boxes that may appear, asking if you want to install the software. You best bet is to close the window and if it won’t allow you to do so, use task manager to close the program.