A few people are getting sucked into installing MS Antispyware 2009. They go to some site and get a popup offering to install this program. Think about it. Normal websites don’t offer antispyware programs through a popup.
What’s wrong with this program? It contains a virus and the victim actually consents to install it. Sean-Paul Correll has provided an excellent video and a write-up at the PandaLabs Blog about this menace.
What is different about this exploit is the use of hundreds of SEO pages targeting major brands such as Ford and Nissan – search for some specific model or a car part and you will find links (mostly in Poland – .pl) that include dangerous infections as reported by Norton Internet Security.
The following Google search “site:.pl nissan” has a few normal results at the top of the page, but then you get dozens of weird subdomains such as (don’t go there):
All of them are marked noarchive, hence you won’t see a Cached link. Most of these are doorway pages to p0rn sites but some also include infectious content.