Microsoft has released a warning about a new kind of browser-based attack.
The attack mimics genuine pages generated by browsers, such as Internet Explorer, Firefox and Chrome, and tricks users into installing fake anti-virus software.
When users visit a compromised website running malicious code, a genuine-looking pop-up surfaces in their web browser, alerting them that their security defences are down and that they need to install anti-virus software to contain the virus.
Users are prompted to download the anti-virus from a web page which looks exactly like the Microsoft Security Essentials website, and which even redirects them to a good impersonation of the Microsoft Malware Protection Centre.
The fake anti-virus, Win7 AV, tricks users into 'scanning' their system, which is supposedly riddled with malware. The social engineering attack then asks users for a sum of money to fix their computer.
Many users have been tricked into 'buying' the anti-virus because the security warning seems genuine, as it is generated from inside the browser.