An edited version of an Article by Fred Langa, Windows Secrets

A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.

Fortunately, LizaMoon is easy to avoid if you know what to look for.

Using rogue-AV scare tactics, LizaMoon tries to trick you into running bogus security-scan and virus-cleanup tools on your PC — but it’s pure malware.

If allowed onto your PC, this particular ploy is especially troublesome because it can partially disable the Windows Security Center and change the Registry so that the full WSC can’t be restarted. It also interferes with Microsoft Security Essentials, if MSE is running. (You’ll find lots more LizaMoon news coverage via Google.)

My encounter with LizaMoon started unexpectedly one evening when a suspicious warning popped up on my screen. As discussed in a previous Top Story, I use Microsoft Security Essentials and the Windows 7 firewall to protect all of my PCs. In over a year of constant use, I’d never had any malware trouble. But that abruptly changed.

That evening, I was searching for something through Google — I don’t recall what. When I clicked a link, a blank page overlaid with a dialog popped up instead of the site I was expecting.

My mental alarm bells immediately started ringing — the dialog was identified as a Message from webpage. But why was a random, external webpage displaying what looked like a local security message?

Also, how could a random webpage know what was installed on my system (suspicious programs or not)? The warning made no sense.

There was plenty more to suggest that the dialog was bogus. For example, the third sentence is in fractured English — Microsoft dialogs aren’t like that. And the kicker: I keep my system very clean, so the odds that it would suddenly contain “a variety of suspicious programs” are virtually nil.

Then it struck me. I’d encountered a for-real LizaMoon page hijack, in the wild!

Typically, when you encounter any suspicious webpage dialog, the correct procedure is to immediately dismiss it via the red-X close box in the upper-right corner of the dialog box or to simply close the browser. (If needed, you also can use Windows’ Task Manager to kill offending software or its processes.)

Next, if you think you might have a security problem, you should manually launch known-good security tools directly from reliable sources. In no case should you ever launch unknown software triggered by visits to random websites.

In my case, however, this was exactly the kind of malware I’d been looking for to test. In the past few months, readers reported encountering new malware that masquerades as a security tool — malware that disables or bypasses Microsoft Security Essentials. I’d been trying to track it down for weeks. And suddenly, there it was.

Microsoft Security Essentials: first failure

I have to say I’m disappointed that Microsoft Security Essentials didn’t detect or prevent this infection. It should have, and I hope Microsoft patches MSE pronto.

Remember: You won’t get infected with LizaMoon (and similar malware) unless you allow it!

Click here to read the full article.