Protection System uninstalls Malwarebytes

Sep 4, 2009 09:19 GMT
Protection System fake antivirus instructs users to uninstall Malwarebytes' Anti-Malware

Security researchers warn that fake antivirus programs could instruct users to disable the legit security software they have installed. This behavior has been observed with a recent rogueware variant called "Protection System," which attempts to uninstall the Malwarebytes anti-malware tool.

Rogueware is a term used to refer to software that employs social engineering to trick users into acquiring licenses for it. Most of these applications are falsely marketed as antivirus programs or tools that are supposed to increase system performance, but in reality, they are useless. Because the techniques used by their creators are meant to scare users into parting with their money, they are also generically called scareware.

There are many methods of distribution for these rogue applications. They can be silently deployed on already-infected computers by other malware, they can be offered to visitors on malicious websites as video codecs or Flash Player updates, or they can be installed during Web drive-by download attacks.

The security community and legit antivirus vendors have long fought against this type of threat, but as it turns out, sometimes the malware can fight back. Such is the case with a new scareware application named "Protection System," which was recently analyzed by security researchers from Sunbelt Software.

This malicious application seems to have been crafted specifically to target a legit anti-malware tool called Malwarebytes. During its own installation, it performs a search to determine if Malwarebytes is installed on the computer. If that is the case, it will display an alert reading "There is unauthorized antivirus software detected on your computer. It is recommended you to [sic.] remove it, otherwise it could conflict with 'Protection System.' Press 'OK' to remove Malwarebytes' Anti-Malware."

Not surprisingly, the alert dialog only has an "OK" button, and pressing it will execute the Malwarebytes uninstaller. The irony here is pretty obvious. A fake security program calls a legit one, which is known to be particularly efficient against rogueware, "unauthorized." Moreover, it invokes a possible conflict between security applications. While this might be true for full-fledged antivirus products, it does not apply to Malwarebytes, which is primarily installed by users as a "wingman" or "second opinion" for other security software.

The Softpedia review of Malwarebytes' Anti-Malware can be read here, while the latest version of the application can be downloaded from our servers.