  1. #1

    A chameleon rogue

    After reading this, my reaction was Holy crap!!! I think we will expect to see more of this kind of rogue in the future.

    We all know that fake antivirus solutions trick users into downloading a product by showing alarmist pop-ups claiming that the PC is packed full with malware. This one takes things to a whole new level. It starts by displaying personalized warning message windows that are strikingly similar to the AV solution it finds installed on the system. Yes, it is a chameleon that has a copycat kit for all the important AV products on the market. It goes so far in that it initially determines the AV running on the machine and the interface language selected by you. It will afterwards use the captions, the icons and the messages consistent with the personalized settings of the installed AV.

    In order to leave you totally unprotected, the Trojan displays a popup warning and kindly asks you to reboot the system in order to perform the clean-up. But, before that, it queues your antivirus for uninstallation, then uses the genuine Microsoft bcdedit.exe (command line tool for managing BCD (Boot Configuration Data) files) in order to instruct the system to boot in safe mode after restart.

    An eg.

    Source and more info : http://www.malwarecity.com/blog/troj...vies-1114.html

    But there is still a way to beat it. It requires CURIOSITY of a user WITHOUT the PROPER KNOWLEDGE.
    Thoughts are like a never ending ocean where it is deep, endless and dangerous
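
The safe-mode step described in the post above can be caught in process-creation logs. This is an added detection example, not part of the original post or the linked article: the record layout, sample events and names are constructed, and the `safeboot` arguments come from Microsoft's documented bcdedit syntax rather than from the post.

```python
import ntpath
import re

# Constructed process-creation records: (time, parent image, image, command line).
# Every value is invented for this example.
SAMPLE_EVENTS = [
    ("09:41:02", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ("09:41:10", r"C:\Users\alice\AppData\Local\Temp\av_update.exe",
     r"C:\Windows\System32\bcdedit.exe",
     "bcdedit.exe /set {default} safeboot minimal"),
    ("09:52:30", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\bcdedit.exe", "bcdedit /enum"),
    ("10:05:44", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\bcdedit.exe",
     "BCDEDIT /SET {current} SAFEBOOT network"),
    ("10:20:00", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\bcdedit.exe",
     "bcdedit /deletevalue {default} safeboot"),
]

# "/set ... safeboot <mode>" forces the next boot into safe mode;
# "/deletevalue ... safeboot" (the revert) must not match.
SAFEBOOT_SET = re.compile(r"/set\b.*\bsafeboot\s+(minimal|network|dsrepair)\b", re.I)
# Parent locations writable by a standard user, typical for dropped executables.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)


def find_safeboot_changes(events):
    """Return (time, severity, parent, mode) for each bcdedit call that sets safeboot."""
    hits = []
    for when, parent, image, cmdline in events:
        if ntpath.basename(image).lower() != "bcdedit.exe":
            continue
        match = SAFEBOOT_SET.search(cmdline)
        if not match:
            continue
        severity = "high" if USER_WRITABLE.search(parent) else "review"
        hits.append((when, severity, parent, match.group(1).lower()))
    return hits


if __name__ == "__main__":
    for hit in find_safeboot_changes(SAMPLE_EVENTS):
        print(*hit, sep=" | ")
```

A "high" hit that follows an antivirus uninstall on the same host matches the sequence the post describes; a "review" hit is more likely an administrator's own change.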

  2. #2
    Thank you LunarWolf, this is taking it to a whole new level, worthy of mentioning it here for us to take a look at what is happening... clever in the wrong way..
    Stutz Bearcat

  3. #3
    Thanks a lot for the warning LunarWolf! I come across this kind of crap occasionally and I can easily see how the unwary could be trapped by it.
    Life isn't about waiting for the storm to pass, it's about learning to dance in the rain!

 

 
