Rootkit masquerading as Pro Evolution Soccer 2012 keygen

Users who want to play the Pro Evolution Soccer 2012 game free of charge are in danger of getting duped and their computers compromised while looking for game cracks, warns GFI.

When searching for a key generator for the game, they can stumble upon a YouTube (or other similar website) page with links for supposedly downloading the full game, key generators, cracks and serial numbers for it, but the promise is false.

The offered compressed file consists of three files: an HTML and a text file (both named “password”), and another ZIP file purportedly containing the key generator app.

Now, one would assume that the text file contains the password for the compressed file, but it doesn’t. Instead, there is a shortened link to a site where the password can supposedly be picked up – AFTER filling out a survey.

Once the survey is completed, the victim receives the password for running the key generator.
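The package layout described above can be flagged from archive metadata alone, before anything is extracted or run. The following is an added example, not code from GFI or from the original article; it assumes the nested ZIP is the password-protected part, and the file names and sample archive are constructed for illustration.

```python
import io
import zipfile

LURE_STEM = "password"          # both lure files in the article carry this name
NOTE_EXTS = {"txt", "htm", "html"}
MAX_INNER = 50 * 1024 * 1024    # skip oversized members (zip-bomb guard)

def triage_archive(data: bytes) -> dict:
    """Inspect ZIP metadata only; nothing is written to disk or executed."""
    notes, locked = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            stem, _, ext = info.filename.rsplit("/", 1)[-1].lower().rpartition(".")
            if stem == LURE_STEM and ext in NOTE_EXTS:
                notes.append(info.filename)
            elif ext == "zip" and not info.flag_bits & 0x1 and info.file_size <= MAX_INNER:
                blob = io.BytesIO(outer.read(info))
                if not zipfile.is_zipfile(blob):
                    continue
                with zipfile.ZipFile(blob) as inner:
                    # Bit 0 of the general-purpose flags marks an encrypted member.
                    if any(m.flag_bits & 0x1 for m in inner.infolist()):
                        locked.append(info.filename)
    # "Password" note files beside a locked inner archive match the lure layout.
    return {"password_notes": notes, "encrypted_nested_zips": locked,
            "suspicious": bool(notes and locked)}

def build_constructed_sample() -> bytes:
    """Constructed stand-in for the lure archive; contains no real malware."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("keygen.exe", b"constructed placeholder, not a real binary")
    raw = bytearray(inner.getvalue())
    # zipfile cannot write encrypted members, so set the encryption flag by hand.
    raw[6] |= 0x1                             # flags field of the local file header
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x1   # flags field of the central directory entry
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("password.txt", "http://short.example/constructed")
        z.writestr("password.html", "<a href='http://short.example/constructed'>password</a>")
        z.writestr("keygen.zip", bytes(raw))
    return outer.getvalue()

if __name__ == "__main__":
    print(triage_archive(build_constructed_sample()))
```

A hit is a reason to quarantine the download and scan it, not proof of infection; legitimate archives occasionally nest encrypted ZIPs too.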

Only, the software in question is actually the ZeroAccess rootkit, which hides from the AV solution installed on the system, stops legitimate programs from working, redirects users’ online searches to malicious pages, and downloads additional malware.

Fortunately, the great majority of AV solutions have signatures for detecting this particular rootkit, but not all users have one installed, so it pays to be careful when considering too-good-to-be-true offers from unverified sources.