Why go the trouble of writing new code if you can “borrow” it from somewhere else. Our rogue researcher (in more ways than one) Patrick Jordan has pointed out the similarities in design elements in Web pages used by online scanner scams for the Trojan DNSChanger and four recent rogues.
The “System Folders” portion of the graphic is used in three of them. The “Your computer is infected!” graphic twice. “System scan progress” is used twice. The fake “Windows Security Alert” box three times.
1. “Online Protection:” Trojan DNSChanger
2. “Windows Security:” The FakeAlert for the Security Essentials rogue
On Rogue Blog: Security Essentials
3. “Wait a minute!” SecurityTool rogue
On Rogue Blog: SecurityTool
4. “Security Analysis:” FakeVimes family of rogues (most current is SmartSecurity.FakeVimes)
On Rogue Blog: SmartSecurity.FakeVimes
5. “Warning!” Antivirus Plus rogue
On Rogue Blog: Antivirus Plus