FakeAV has been around a while. Its infection success can be attributed to its use of social engineering. It typically mimics a security alert that says you're infected and offers ways to clean up the infection.
The latest variant is going mostly unnoticed because of the way it's spreading: through legitimate sites such as MSNBC.com. A banner advertisement served by MSN redirects, and several redirects later we end up with content served by adshuffle1.com. The URLs vary, but this seems to be the most suspicious:
But we don't stop here. Another redirect brings us to domains hosted on 126.96.36.199. So far I've seen:
conduceability DOT com /new/users/root/file/file.exe
which has been tracked by AMaDa: http://amada.abuse.ch/?search=c88c13514cebb65a76d0429ec3879f7d
fairysm DOT com /new/show.php?key=87c1a082278ace8fdf2f63b86db29d6f&u=root
fairysm DOT com /new/2fcf333c783/7909df6ac8d.jar
karolie DOT com /new/forum.php
At some point during the infection phase, you're presented with some alarms. Just a couple of screenshots of what you'll see:
Security software ThinkPoint(c) has detected the submitted suspicious file Trojan.Horse.Win32.PAV.64.a as a virus. A trial version of ThinkPoint(c) software is able to remove Trojan.Horse.Win32.PAV.64.a virus from your system.
It is installed on your computer.
Please click "Ok" to reboot and complete the installation.
What little information there is about this attack is limited to the blogging and forum communities. Some references include:
Microsoft Security Essentials is Fake
ThinkPoint Fake AV
Security Alert: ThinkPoint or MSE FakeAV infection
How to remove ThinkPoint (Uninstall Guide)
ThinkPoint rogue has functioning menu
If you're an administrator on your network, I suggest you just go ahead and block the IP 188.8.131.52 until the advertisers clean this up. Even if your antivirus manages to catch this, I'm afraid of what else it might not have caught in the process and could be sitting idle.
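
Alongside the block, it helps to know which machines already followed the redirect chain. The following is an added example, not part of the original post: it checks web-proxy log lines against the hosts and addresses listed above and flags clients that completed an `.exe` or `.jar` download. The log layout, the `triage` and `refang` helper names, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators as printed in the post; hosts stay defanged here and are refanged at load time.
DEFANGED_HOSTS = ["conduceability DOT com", "fairysm DOT com", "karolie DOT com"]
HOSTING_IPS = {"126.96.36.199", "188.8.131.52"}  # both addresses appear in the post
PAYLOAD_EXT = (".exe", ".jar")  # file types served from the /new/ paths listed above

def refang(host):
    return host.replace(" DOT ", ".").lower()

BAD_HOSTS = {refang(h) for h in DEFANGED_HOSTS}

# Assumed proxy log layout (constructed): time client_ip dest_ip method url status
LINE_RE = re.compile(
    r"^(\S+) (\S+) (\S+) (\S+) https?://([^/\s:]+)(?::\d+)?(/\S*)? (\d{3})$")

def triage(lines):
    """Map each client that touched an indicator to its hit count and payload flag."""
    result = defaultdict(lambda: {"hits": 0, "payload": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout; skip
        _, client, dest_ip, _, host, path, status = m.groups()
        host = host.lower().rstrip(".")
        listed = host in BAD_HOSTS or any(host.endswith("." + h) for h in BAD_HOSTS)
        if not (listed or dest_ip in HOSTING_IPS):
            continue
        entry = result[client]
        entry["hits"] += 1
        # A completed (200) fetch of an .exe/.jar means the payload reached the client.
        file_part = (path or "/").split("?", 1)[0].lower()
        if status == "200" and file_part.endswith(PAYLOAD_EXT):
            entry["payload"] = True
    return dict(result)

def _line(client, dest_ip, host, path, status):
    return f"2000-01-01T00:00:00Z {client} {dest_ip} GET http://{refang(host)}{path} {status}"

# Constructed sample traffic (not real logs).
SAMPLE_LOG = [
    _line("10.0.0.21", "126.96.36.199", "karolie DOT com", "/new/forum.php", 200),
    _line("10.0.0.21", "126.96.36.199", "fairysm DOT com", "/new/2fcf333c783/7909df6ac8d.jar", 200),
    _line("10.0.0.34", "126.96.36.199", "conduceability DOT com", "/new/users/root/file/file.exe", 403),
    _line("10.0.0.77", "188.8.131.52", "unlisted.example", "/new/forum.php", 200),
    _line("10.0.0.50", "192.0.2.10", "example.com", "/index.html", 200),
]
```

Clients with `payload` set are the ones to pull for a full inspection; a hit on the hosting address under an unlisted hostname (the `10.0.0.77` line) shows why matching on the IP catches domains that were not yet on the list.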