On Friday evening I was talking to a North American customer who had been fighting with infections caused by SEO poisoning. They mentioned a particular search term that could generate new samples of FakeAVs. The funny thing was that the website hacked by the SEO poisoner was a blog of someone trying to promote legitimate business use of SEO technologies.

If you clicked on any of the links returned by the search, you would be redirected to an Indian site containing this image:

After allowing scripts on an unprotected/filtered machine, I quickly saw the pop-up: