The rogue AV involved in the attack is a spoofed version of a well-known legit antivirus. The infection vector is pretty much similar to what weve seen up until now: a poisoned search result leads the user to a domain hosted with free domain provider co.cc. If they do, they will be redirected to a fake scanner. If not, they are redirected to google.com. The malware campaign has also been spotted on microblogging social networks where the malicious links have been concealed using short URLs.”]