First, don’t click on any emails claiming to be an update from MSN or Microsoft. MSN/Microsoft never sends emails about a “Free Update”. If you want to update your PC, *always* go to Microsoft.com (NEVER click on any links in an email offering Windows updates).
Next, I did click on this link through one of my clean Virtual Machines. Let’s see what happens, let us observe the path to infection!
1. I received an email to my personal business account. Spam Assassin does not recognize it as spam and lets it on through.
2. I click on the link. I can see the link takes me to a .swf (a flash file) hosted at imageshack.com.
3. As soon as the .swf loads (almost instantly) I am prompted to download install.exe. I choose to open the file (pretending I am an unsuspecting user seeking a Windows update).
4. We are now presented with a license agreement for AntiVirus XP 2008 which we can only agree to.
5. As soon as I agree, Antivirus XP 2008 is loaded almost instantly.
6. Oh WOW! 2506 infections on a clean PC! Obviously a complete lie designed to scare people.
7. …and if I try to uninstall it…oh, what a shock! The uninstaller crashes.
8. Well, I guess I’ll just remove those viruses. When I click the remove viruses button I’m sent to a website to purchase this fake antivirus program for $49.95.
Not only will I lose $49.95, but I’ll also give up my identity to an international ring of thieves!!!
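
The rule from the first paragraph (an "update" email in Microsoft's name whose links do not lead to Microsoft.com) can be checked mechanically at the mail gateway. The sketch below is an added example, not part of the original post: the sample message, the `.example` hostnames, and the names `score_message` and `is_trusted` are constructed for illustration, and treating only `microsoft.com` as trusted is an assumption.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message (not the actual email from the post).
SAMPLE = """\
From: "Microsoft Update" <updates@mail.example>
To: user@business.example
Subject: Free Update for Windows
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Install the latest free update for your PC.</p>
<a href="http://img.imageshack.example/files/update.swf">Get the update</a>
</body></html>
"""

BRAND = re.compile(r"\b(microsoft|msn|windows)\b", re.I)
LURE = re.compile(r"\bupdate\b", re.I)
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)
TRUSTED = ("microsoft.com",)   # assumption: the only domain treated as legitimate
RISKY_EXT = (".swf", ".exe")   # file types seen in the infection path above


def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def score_message(raw):
    """Return (finding, url) pairs for links that contradict the sender's claim."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)
    headers = f"{msg.get('From', '')} {msg.get('Subject', '')}"
    claims_brand = bool(BRAND.search(headers) or BRAND.search(body))
    claims_update = bool(LURE.search(headers) or LURE.search(body))
    findings = []
    for url in HREF.findall(body):
        parsed = urlparse(url)
        # An "update" in Microsoft's name that links anywhere else is the lure.
        if claims_brand and claims_update and not is_trusted(parsed.hostname):
            findings.append(("offsite-update-link", url))
        # Direct links to Flash or executable content are flagged on their own.
        if parsed.path.lower().endswith(RISKY_EXT):
            findings.append(("risky-file-link", url))
    return findings
```

The suffix comparison in `is_trusted` is what keeps a lookalike host such as `microsoft.com.evil.example` from passing as Microsoft.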







