System Doctor 2014: A fake AV for the upcoming year
Posted on 03.07.2013
In an effort to keep one step ahead of security solutions and attentive users, peddlers of fake AV solutions often change the name of the malware they are trying to sell.

Researchers from Microsoft's Malware Protection Center are warning about the latest two instances: System Doctor 2014 and System Care Antivirus.


These are two variants of the same malware - detected by Microsoft as Winwebsec - but with a different look / user interface.

"While there are differences between the two Winwebsec variants, they also have a number of behaviors in common: both have used the same custom obfuscation in an attempt to avoid detection by antimalware products, both use a similar request format when sending details of their installation to the distributors' server, and both attempt to prevent all other programs from running apart from a few that appear on a specified whitelist," the researchers point out.

Also, both variants use the same activation code.

The System Care Antivirus is an older variant that has been around for a while now. Even thought Winwebsec creators obviously wanted to snag those customers that can be swayed by the "2014" in the newest offering's title, System Care Antivirus is still the dominant one because System Doctor 2014 stops running if it detects it on the target computer.

It's also interesting to note that System Doctor 2014 does not behave like your typical fake AV solution, as it seemingly does clean some of the "found" threats but, alas, it's not able to clean them all. For that, users will have to pay up.

Once the activation code (AA39754E-715219CE) is inserted and the rogue AV's "full" version is activated, it reports that the cleaning has now been completed. The good news is that it now stops trying to block other programs from running, and you can (and should) now easily use a legitimate AV solution to remove it from your computer.









Spotlight

Intentional backdoors in iOS devices uncovered

Posted on 22 July 2014.  |  A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //