Просмотр полной версии : Win32/FakeRean is 33 rogues in 1

13.03.2010, 15:33
Back in August 2009 we added a rogue called Win32/FakeRean to the list of families removed by MSRT. At the time, I wrote about how it used several different names, like Home Antivirus 2010 and PC Antispyware 2010, which all looked pretty much the same. This is a trick used by most modern rogues; I covered it in some detail in my presentation at Virus Bulletin conference last September.

Alongside the use of different names, we've seen some rogues introduce different versions for different operating systems. FakeRean now uses individual names and looks for Windows XP, Windows Vista and Windows 7; however, rather than distribute multiple versions for each of these three platforms, FakeRean's creators have taken an all-in-one approach.
The latest version of FakeRean chooses randomly from a list of 11 names each time it is installed. It then inserts a string into the name that is dependant on which version of Windows it is running on. The result is that a single version of the rogue can use any one of 33 different names:http://blogs.technet.com/mmpc/archive/2010/03/09/win32-fakerean-is-33-rogues-in-1.aspx