Some of the malware families that were part of the Operation Aurora attacks are being installed through fake antivirus and scareware attacks, researchers say. Researchers at Damballa found that the attackers have been using two separate fake AV programs to help download and install a cocktail of malware on victims machines. The scareware programs use the classic scareware tactic of serving fake infection warnings to victims. Once the user clicks on the warning, it begins the download process that leads to infection with the Aurora botnet malware.
Source: https://threatpost.com/inside-look-aurora-scareware-tactic-030410/73630/