Here's a screenshot of a google search result:
A Fiddler capture shows us the redirections:
So we go from
An installer named Soft_207.exe will be presented for download, which is a variant of the Total Security family of Fake AVs.
At the moment, the following domains have been observed to have been involved in this attack:
These domains resolve to the following IP addresses:
But knowing the trend in scareware, there could be heaps more domains being created as we speak.