A friend was trying to access an account at Bank of China. This apparently required that she install some sort of security applet on her notebook PC. It also required that she use Internet Explorer instead of her usual Firefox browser.
I don’t know if it was during download or trying to install (I wasn’t watching), but AVAST detected it as a ROOTKIT. I advised her to delete it.
I believe that the English version of the site was:
The name of the file seems to be BOCNET_Client.exe
Can someone verify that this is indeed a ROOTKIT and not a false positive? It seems funny that the largest bank in China would be creating a ROOTKIT and REQUIRING all online customers to use it or they are denied online access to their accounts.
Can you send us the file to virus@avast.com, preferably packed in a password-protected ZIP or RAR, putting the password into the e-mail?
I’m not able to download the file from the URL you posted - the site appears dead.
It could be a phishing email which purports to come from the BOC but doesn’t; the link may take you to a site that looks like the BOC to further reassure (read deceive) the user into installing an official security applet, which is designed to infect.
If you actually type in the URL rather than click on a link in a phishing email, you will end up at the genuine BOC site rather than the one spoofed to look like the BOC web site.
You have to exercise extreme care when doing this, as if it were a spoofed/phishing site it could capture your login and password details. Firefox 3.0.1 has a built-in anti-phishing element.