Another day another scam virus warning advert. This time on AOL search or an AOL search paid result link!
The box that pops up has so many line returns that the OK button falls off the bottom of the screen, probably to confuse the user into thinking their computer really has been locked.
The message reads:
Windows Security Alert!!
System has been infected due to unexpected error!
Please Contact Microsoft Certified Expert 0-800-014-8239 Immediately!
to unlock your computer.
Suspicious Activity Detected. Your Browser might have been hijacked or hacked.
Private and Financial Data is at RISK:
. Your credit card details and banking information
. Your e-mail passwords and other account passwords
. Your Facebook, Skype, AIM, ICQ and other chat logs
. Your private &family photos and other sensitive files
. Your webcam could be accessed remotely by stalkers
IMMEDIATELY CALL Microsoft Certified Expert AT 0-800-014-8239
MORE ABOUT THIS INFECTION:
Seeing these pop-up’s means that you may have a virus installed on your computer which puts the security of your personal data at a serious risk.
Its strongly advised that you call the number above and get your computer inspected before you continue using your internet, especially for Shopping or Banking.
Call immediately for assistance. Contact Microsoft Certified Expert at (0-800-014-8239 )
Victims are asked to call a UK freephone number of 0-800-014-8239 (aka. “0800 014 8239” or +448000148239 / 08000148239)
The wording is very similar to a scam I saw back in October.
The domain the scam warning was served from was http://www.rightclickitserv.com who seem to be a SEO (Search Engine Optimisation) and tech support company. Whois on the domain is:
Registrant Name: Manish Verma
Registrant Street: 10518 Friends Colony
Registrant City: Gurgaon
Registrant State/Province: Other
Registrant Postal Code: 122001
Registrant Country: IN
Registrant Phone: +91.8802257971
Registrant Email: firstname.lastname@example.org
Also related is another advertising / search related website of www.afftronics.com (Hosted on the same server linked by GA).
Through a convoluted link of whois details and websites being hosted on the same IP I believe the following domains are suspicious and also related to the same group or call center.