how does fake antivirus work?

[Bob Bayn <bob.bayn () USU EDU>]

The "SANS Securing The Human Program" training module #2 about Social Engineering demonstrates that fake antivirus 
programs fool you into going through the installation process to load their malware onto your computer.  Locally, I am 
hearing the assertion that fake AV is not nearly that gentle, that your computer is instantly and automatically 
compromised as soon as you go to their website, the process of installing their fake product can be just as fake as the 
process of evaluating your computer for current infections.

What is the range of how fake AVs really work?  Do some cajole you into installing their code while others silently 
inject their code automatically?

Around here, the most common instance of social engineering seems to be the simple email phish that asks for password, 
etc in reply or by going to a web form.

Bob Bayn                    (435)797-2396                 Security Team
                  You are on the Security Team, too.
Be an Internet Skeptic!  There's nothing really free on the 'net
Office of Information Technology     at     Utah State University
            http://tinyurl.com/bicyclists-share-kidneys