Your browser could be redirected to antivir-systempro.com, and you could be fooled into buying something from a spoofed website, following a driveby attack on your system. Or, a piece of malware could edit your hosts file and open a window to a legitimate looking Url. Right now, here is a short and active list of hosts file modifications from some active malware:
We’ve posted before on ugly hosts file modifications, and about the malicious authors’ intention of duping users into believing that they are downloading something from a legitimate site. The current scheme is in the same vein.
Know that the ip address 18.104.22.168, when added to the hosts file with the entry “itsecure.microsoft.com”, is not related to the legitimate software company’s web presence. Currently, this scheme leads to FakeAv “Antivirus System PRO”: