This is the way to go - moving in the right direction when fighting SEO poisoning.

NIS is blocking scripts that attempt to scare the user into downloading malware. In many cases, they are written in a similar way - and reused by malware proliferators without major changes. It's better to stop malware from downloading in the first place, rather than trying to inspect the file querying definitions &/or cloud when it arrives, ain't it?

Example 1:

The redirect to the malware serving page was blocked. This works in every browser.

Example 2:

This one perfomed a fake scan in the browser and then jumped and tried to force a download . Bad luck!

Example 3:

The green wheel keeps on spinning, but you can wait indefinitely for the fake scan to appear - the fake scan script itself got blocked this time, and it didn't even get the chance to force a download in the browser.

All of this works in every browser, NIS is guarding the http gate - therefore, browser neutral. Good work!