A new rogue, Rogue:MSIL/Zeven, has started to appear, distributed from compromised websites. We received a sample (70be8ca73142922fd78acf2aafa9f141a977f15a) and a URL and began our investigation.
Let us say from the beginning that the guys behind this rogue like to copy big-time. They start by auto-detecting which browser the user is currently using, and then fake the browser's malware warning page if the browser is Internet Explorer, Chrome, or Firefox. This is a social engineering scheme meant to trick the user into downloading and installing the rogue, relying on the user's trust in their day-to-day browser.