A number of these URLs that come up in search results have been found on MyMobi, a news site that covers news about new gadgets. These pages have been cleaned up in the meantime, but that's no guarantee that the criminals won't manage to compromise them again - or other sites for that matter.
Once the users follow the offered link and lans on the compromised page, they get immediately redirected to a malicious page where a script tries to download a file named SecurityScanner.exe onto their computers. If they run it, a fake AV by the name XP Antispyware 2012 gets installed.
"The program contains a registration button. When users click this, the page redirects to a phishing site with a newly created domain that contains the “Choose Plan & Checkout” option to purchase XP Antispyware 2012," explains a Trend Micro researcher. "The FAKEAV malware also blocks Web browsers, Internet Explorer and Google Chrome from surfing the Internet unless users purchase the product."
netizens left a footprint.