At the time of writing, Google shows over 720,000 compromised URLs. According to VirusTotal [http://www.virustotal.com/analisis/23c06523d4b5cf2c9e853bb5e7a20916e5246e81a17a39b9aad3f2f86056defd-1252440943], only two of forty-one anti-virus companies are currently detecting the malware.
Credit also goes to Edgar (http://edetools.blogspot.com), who independently discovered and blogged about this same threat.
The compromised sites frequently contain fake blogs on the topics of entertainment and celebrities such as Britney Spears (see screenshot).
Unprotected users will see a pop-up window that performs a fake system scan. The user is then notified that they are infected with several threats and prompted to download the supposed cure, which is in fact the malware. This scheme is all too common, and eSoft’s Threat Prevention Team has been detecting a dramatic increase in this scam through August. This latest one appears to be the most widespread to date.
The malware payloads change often and anti-virus detection is lagging behind. eSoft recommends multiple layers of anti-virus at the desktop and gateway in combination with secure web filtering. A secure web filter protects users by blocking the malware distribution points even as the malware changes to evade anti-virus detection.