Wednesday, April 6, 2011

I deliberately infect my PC with 'LizaMoon': a blow-by-blow account

Top Story, April 7, 2011

LizaMoon infection: a blow-by-blow account

By Fred Langa

A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.

Fortunately, LizaMoon is easy to avoid if you know what to look for.

Using rogue-AV scare tactics, LizaMoon tries to trick you into running bogus security-scan and virus-cleanup tools on your PC — but it's pure malware.

If allowed onto your PC, this particular ploy is especially troublesome because it can partially disable the Windows Security Center and change the Registry so that the full WSC can't be restarted. It also interferes with Microsoft Security Essentials, if MSE is running. (You'll find lots more LizaMoon news coverage via Google.)

My encounter with LizaMoon started unexpectedly one evening when a suspicious warning popped up on my screen. As discussed in a previous Top Story, I use Microsoft Security Essentials and the Windows 7 firewall to protect all of my PCs. In over a year of constant use, I'd never had any malware trouble. But that abruptly changed.

That evening, I was searching for something through Google — I don't recall what. When I clicked a link, a blank page overlaid with the dialog in Figure 1 popped up instead of the site I was expecting....


rest of the story (free): windowssecrets.com


1 comment:

  1. Thanks for the exercise Fred.
    OK, so the perpetrator does not have a great command of the English language or Photoshop, but if he did and were so inclined he could have made all these prompts look legitimate. My question is - why does the operating system itself not provide means of inquiring what program is generating the prompt? M$ has tons of prompts that range from "vaguely familiar" to "what the heck is this", and they change the names of them every couple of years just to make sure I don’t know them. I've got a job that I need to know how to do, I shouldn't have the equivalent of another job just to know how to operate my computer safely.
    Yes, this guy should have his face pummeled in so his own mother would not recognize him, but does Microsoft really need to make this so easy for him to do?
