Windows 10 users who run ad-powered applications on their systems may be targeted by deceptive and fraudulent campaigns that make them believe that their PC is infected or that they have won an iPhone currently.
Several core Windows applications, e.g. Microsoft News, that come with the operating system natively display advertisement, and it appears that several of these ad-powered applications are causing the issue for users currently.
When a fraudulent ad is picked by the ad server, it is displayed to the user in the application. The advertisement opens a webpage in the default browser and displays either something scary, e.g. the PC is infected, or tempting, e.g. you won an iPhone.
The webpage that tries to intimidate the user states for example that viruses were found on the PC on a webpage that resembles the official Microsoft webpage.
via Günter Born
It may not be clear right away that the message is fake; experienced users may notice that it is and close the window, but inexperienced users may follow the advice and either get their systems infected in the process, submit personal information to the operator of the fake site, or make a purchase.
A (German) Microsoft Answers support page highlights the issue already. Microsoft MVP volunteer moderator Ingo Böttcher confirms that Windows Apps may open fake websites that scare the user with virus infection messages or suggest that the visitor won a high end gadget in the lottery.
According to the post, the issue is caused by fraudulent advertisement campaigns that run on Microsoft's advertising network.
Users are advised to close the tabs or webpages; doing so won't do any harm to the computer or personal files. The messages are fake, and the computer us not infected with a virus or trojan as suggested by the fake webpage.
There is little that affected users can do currently. Apart from not running the applications that display these fraudulent advertising campaigns, there is little that the average user may do. Experienced users may install and configure a DNS-based ad-blocking solution to deal with the issue. Everyone else needs to wait for Microsoft to kick the fraudulent campaigns and their publishers from its network.
Microsoft is not the only company that lets fraudulent advertising campaigns on its network. Google Search displayed "your computer appears affected" messages on Google Search in the past, and other major advertising companies had similar incidents in the past.
The incident shows once again that advertisement in its current form poses a risk on the Internet. The only option that users have is to protect their systems with ad-blockers.
Ad companies like Microsoft, Google, or Facebook, need to make advertisement safe, e.g. by restricting advertisement, before things have a chance to normalize themselves.