Any excuse is a good excuse to distribute malware… this is what cyber-crooks may think, as they have used McAfee false positive to carry out BlackHat SEO attacks.
In fact, if you make a search using any of the following group of keywords, you’ll probably be surprised:
Mcafee Update
Mcafee Virus
Mcafee 5958
Mcafee Virus Scan Free Download
Mcafee Virus Protection Free Download
Mcafee Virus Library
Mcafee Virus Scan Enterprise
Mcafee Virus Definition
Mcafee Virus Database
Mcafee Virus Removal
Mcafee Virus Scan Plus
Mcafee Virus List
Svchost.exe Virus
W32 Wecorl.a McAfee
The results displayed can redirect you to websites from which the false antivirus detected as Adware/CleanUpAntivirus is downloaded.
Many users have been affected by this issue, so they will probably use search engines to find a solution. That’s why cyber-crooks are taking advantage of this.
We recommend all the affected users who want to know how to solve this incidence to access McAfee’s website directly and not to look for information using the search engines, at least, for the moment.
Update: Brian Krebs has published a similar post
Update 11:08 a.m. ET: Panda Security just published a similar post which also includes some screenshots of the rogueware web site.
Also a post here with some screenshot of (another) rogue:
http://malwaredatabase.net/blog/index.php/2010/04/22/new-rogue-domain-safetypcwork4-com/