According to the Sophos Naked Security blog machines infected in drive-by downloads from compromised sites receive the scareware that appears as urgent update notifications.
The clue that the updates are phony is that they appear only when the affected computer uses Firefox. Legitimate updates come via Internet Explorer, Sophos says.
Victims click to receive the urgent updates and their computers are infected with malware that seizes up the machines. A persistent popup says the infection can be cleaned up by buying anti-virus software - a phony product sold by the criminals behind the phony Microsoft update notification.
Sophos recommends accepting updates only from vendors from whom users have requested updates.
Read more about wide area network in Network World's Wide Area Network section.