Ransomware has become more prevalent than fake antiviruses, but we haven’t seen the last of Fake AVs. According to Microsoft experts, the creators of Rogue:Win32/Winwebsec are spreading a bogus antivirus application called “System Doctor 2014.”
Researchers highlight that Rogue:Win32/Winwebsec only relies on one bogus antivirus at a time. This means that System Doctor 2014 is actually replacing its predecessor, System Care Antivirus.
Interestingly, System Doctor 2014 is designed to check infected computers for signs of System Care Antivirus. If the older version is found, System Doctor 2014 stops running.
Besides different looks, System Doctor 2014 is also designed to act differently. It apparently cleans some of the fake threats before asking victims to pay up.
Users are informed that some of the threats can’t be cleaned up unless the product is activated, a process that requires the payment of a fee.
It’s also worth noting that the names of the threats supposedly identified by System Doctor 2014 are taken from Microsoft’s malware encyclopedia.
However, experts have found that some similarities still exist between the two variants.
“Both have used the same custom obfuscation in an attempt to avoid detection by antimalware products, both use a similar request format when sending details of their installation to the distributors' server, and both attempt to prevent all other programs from running apart from a few that appear on a specified whitelist,” David Wood of MMPC Melbourne noted.
In addition, both variants use the same activation code.
Of course, experts strongly advise against paying the activation fee. Simply use a genuine antivirus solution to clean up the threat.
If you want to avoid falling victim to Fake AVs, make sure you only use the solutions offered by reliable vendors. However, see to it that you install the product yourself, since fake antiviruses might leverage the name and reputation of legitimate applications.