Microsoft has issued a warning about a new scareware racket that tries to trick users into installing a rogue anti-virus software, a relatively new malware vector that has gained increased prominence recently. This new, sophisticated attempt tries to gain trust by mimicking the design of genuine websites and user prompts to pull off its social engineering trickery.

Specifically, the threat here is from the MSIL/Zeven malware, which pops out a window to match the malware warnings depending on the specific browser type that a user is working on. The warning leads users to another page, where a purported anti-virus "scan" will identify a number of infections. A cure is then offered, which turns out to be chargeable.

The fact that users are shown a very good impersonation of the Microsoft Security Essentials Website and Microsoft Malware Protection Centre serves to lower their guard. Needless to say, the payment page is really about stealing the credit card information.

For more on this story:
- check out the article at ComputerWeekly
- read this article from ITProPortal