We
came across a new rogue security program called Win 8 Security System a few days ago. It's been quite some time since
we discussed rogue anti-virus software. The truth is there wasn't much to say
about scareware apart from some slightly modified or extremely buggy pieces of
malicious code that couldn't even load properly. Anyway, rogue security
products are not completely gone yet but rather replaced with ransomware. On
the other hand, second opinion malware scanners confirm that rogue security
programs are still the most widely spread threats, holding the top positions.
What that means? Well, it means that most antivirus programs fail to detect
rogue AVs, especially those that are obfuscated and re-packed very often,
sometimes a couple of times a day.
So, Win 8 Security System is a rogue antivirus program that reports non-existent computer infections and tries to scare less computer savvy users into paying for completely useless antivirus solution. In most aspects, it's a very typical rogue. Win 8 Security System is a very generic term too. As the name suggests, cyber crooks would infect machines running Windows 8 rather than Windows XP or Seven. However, this rogue antivirus program works just fine on different versions of Windows.
Once installed, the rogue program pretends to scan the computer for malicious software. It manages to find a bunch of extremely dangerous and sophisticated malware on perfectly clean computers. The way it presents supposedly infected files would definitely put a smile on your faces if you were security expert. In order to remove supposedly detected malware infections victim has to pay almost 100 bucks. That’s probably the most expensive antivirus software you’ve ever seen.
The rogue antivirus program is configured so that it runs automatically when Windows starts. But that's not the biggest problem. Win 8 Security System has a rather complex self-protection mechanism. It drops a rootkit on infected machine which monitors PC activity and blocks pretty much all attempts to terminate the rogue program or run legitimate antivirus software. This scareware doesn't block Task Manager or Registry editor but that changes nothing. You can't just simply end the offending process and delete associated files. Any attempt to end its process will trigger the following error message.
So, Win 8 Security System is a rogue antivirus program that reports non-existent computer infections and tries to scare less computer savvy users into paying for completely useless antivirus solution. In most aspects, it's a very typical rogue. Win 8 Security System is a very generic term too. As the name suggests, cyber crooks would infect machines running Windows 8 rather than Windows XP or Seven. However, this rogue antivirus program works just fine on different versions of Windows.
Once installed, the rogue program pretends to scan the computer for malicious software. It manages to find a bunch of extremely dangerous and sophisticated malware on perfectly clean computers. The way it presents supposedly infected files would definitely put a smile on your faces if you were security expert. In order to remove supposedly detected malware infections victim has to pay almost 100 bucks. That’s probably the most expensive antivirus software you’ve ever seen.
The rogue antivirus program is configured so that it runs automatically when Windows starts. But that's not the biggest problem. Win 8 Security System has a rather complex self-protection mechanism. It drops a rootkit on infected machine which monitors PC activity and blocks pretty much all attempts to terminate the rogue program or run legitimate antivirus software. This scareware doesn't block Task Manager or Registry editor but that changes nothing. You can't just simply end the offending process and delete associated files. Any attempt to end its process will trigger the following error message.
No comments:
Post a Comment