I got a note last week from a friend that Winn Schwartau’s blog (http://securityawareness(dot)blogspot.com) had been compromised. I checked it — and sure enough, it had been taken over by Malware Alarm, a rogue antispyware app. Basically, you went to the site and got the typical Malware Alarm warning message, which no matter what you do, brings up the fake MalwareAlarm scanner (basically, a web page designed to look like it’s actually scanning your system, designed to scare the bejeezes out the unsuspecting user).
Right now, the page is being blocked by Blogger:
However, you can still find the malware link in Google’s cache. And only the main page is blocked — permalinks will steal spew these fake security popups.
I can only assume that Winn knows what’s going on and is working it out.
Alex Eckelberry
(Thanks, Doug, for the heads up and the pics)
Update: Winn responds.