Our alert analyst Adam found this one, although we don’t know why he was doing web searches for “Miss Universe 2010.” He clicked on one, expecting to see long legs. Instead, he saw this pop up:
(click image to enlarge)
VIPRE detects it as FraudTool.Win32.SecurityTool (v)
The really mangled English should have given that away – for native speakers, anyway.
Clicking “OK” lead to this rogue:
(click image to enlarge)
The rogue “Security Tool” has been around since last October. We posted it on the rogue blog here.
Thanks Adam
Tom Kelchner