Thanks for the reply, 1972.
It must be a local trend among our userbase then. Good to know, I'd love to isolate it. I've noticed that we've been the target of a few surprisingly sophisticated phishing attacks in the last ~6 months, mostly from Russian and South American sources. Most of these attacks use highly detailed spoofed emails from Amazon, PayPal or banking sites. Without looking at source code, these emails are indecipherable from legit ones. Clicking links in the emails brings the user to sites that run Crimepack et al. against their browser.
But what really stood out to me on this particular malware variant was the DETAIL that went into the replication of the MSE console. It was 100% exactly correct in all graphics and wording. While other rogue AV malware are often pretty close, they usually get a graphic a little wrong (colors are off, logo is crooked), or something in the text will be off (bad grammar, slight misspellings). This one had none of that - spot on 100% clone of MSE.
While I have seen the overall sophistication of malware increase over the last ~5 years, this was the first time where I've seen one that even had ME fooled at first glance. When I first saw this one (last Friday) there was also zero detection rate from any of the scanning software. It took until Wednesday before ESET, Symantec corp, or Malwarebytes was able to detect and remove.