Infection numbers of well-established fake AV families have reached the lowest level in years, and Microsoft researchers believe the drop is the result of the antimalware industry's efforts and greater user awareness.
But vacuums tend to get filled quickly, and other malicious players have tried to step in. Case in point: the Defru rogue AV.
Defru's modus operandi is simple. It modifies the Windows hosts file - the local file that maps the hostnames a user types into the browser to IP addresses - to redirect users to a malicious website that sports a fake infection warning.
The redirection happens when the user tries to visit any of the 300+ targeted websites, which include those of popular AV vendors, security forums, news sites, online services, social networks and search engines.
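The hosts-file tampering described above leaves a recognisable pattern: many unrelated hostnames pinned to a single non-loopback address. The following audit is an added example, not code from the original article or from Microsoft; the sample file, the watchlist and the cluster threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: RFC 5737 documentation IP and .example hostnames.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.av-vendor.example av-vendor.example   # injected
203.0.113.7     search.example
203.0.113.7     social.example forum.security.example
0.0.0.0         ads.tracker.example
10.0.0.5        intranet.corp.example
"""

# Hypothetical watchlist; the page does not list the 300+ targeted sites.
WATCHLIST = {"av-vendor.example", "search.example", "social.example"}

def parse_hosts(text):
    """Yield (ip, hostname) for every mapping, skipping comments and junk."""
    for raw in text.lstrip("\ufeff").splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def on_watchlist(name):
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def audit(text, cluster_threshold=3):
    """Return {ip: sorted hostnames} for suspicious redirect targets."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0/:: are normal (localhost, ad blocking).
        if not (ip.is_loopback or ip.is_unspecified):
            by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= cluster_threshold or any(map(on_watchlist, names))}

if __name__ == "__main__":
    for ip, names in audit(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} hostnames redirected, e.g. {names[:3]}")
```

On a real machine the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`, and the watchlist would hold the security and update domains the organisation depends on.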