Top Story, April 7, 2011
LizaMoon infection: a blow-by-blow account
By Fred Langa
A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.
Fortunately, LizaMoon is easy to avoid if you know what to look for.
Using rogue-AV scare tactics, LizaMoon tries to trick you into running bogus security-scan and virus-cleanup tools on your PC — but it's pure malware.
If allowed onto your PC, this particular ploy is especially troublesome because it can partially disable the Windows Security Center and change the Registry so that the full WSC can't be restarted. It also interferes with Microsoft Security Essentials, if MSE is running. (You'll find lots more LizaMoon news coverage via Google.)
My encounter with LizaMoon started unexpectedly one evening when a suspicious warning popped up on my screen. As discussed in a previous Top Story, I use Microsoft Security Essentials and the Windows 7 firewall to protect all of my PCs. In over a year of constant use, I'd never had any malware trouble. But that abruptly changed.
That evening, I was searching for something through Google — I don't recall what. When I clicked a link, a blank page overlaid with the dialog in Figure 1 popped up instead of the site I was expecting....