We came across a new rogue security program called Win 8 Security System a few
days ago.
It's been quite some time since we discussed rogue anti-virus software. The
truth is there wasn't much to say about scareware apart from some slightly
modified or extremely buggy pieces of malicious code that couldn't even load
properly. Anyway, rogue security products are not completely gone yet but
rather replaced with ransomware. On the other hand, second opinion malware
scanners confirm that rogue security programs are still the most widely spread
threats, holding the top positions. What does that mean? Well, it means that most
antivirus programs fail to detect rogue AVs, especially those that are
obfuscated and re-packed very often, sometimes a couple of times a day.
So, Win 8 Security System is a rogue antivirus program that reports
non-existent computer infections and tries to scare less computer-savvy users
into paying for a completely useless antivirus solution. In most aspects, it's
a very typical rogue. Win 8 Security System is a very generic term too. As the
name suggests, cyber crooks would infect machines running Windows 8 rather than
Windows XP or Seven. However, this rogue antivirus program works just fine on
different versions of Windows.
Once installed, the rogue program pretends to scan the computer for malicious
software. It manages to find a bunch of extremely dangerous and sophisticated
malware on perfectly clean computers. The way it presents supposedly infected
files would definitely put a smile on your face if you were a security expert.
In order to remove the supposedly detected malware infections, the victim has
to pay almost 100 bucks. That's probably the most expensive antivirus software
you've ever seen.
The rogue antivirus program is configured so that it runs automatically when
Windows starts. But that's not the biggest problem. Win 8 Security System has a
rather complex self-protection mechanism. It drops a rootkit on the infected
machine which monitors PC activity and blocks pretty much all attempts to
terminate the rogue program or run legitimate antivirus software. This
scareware doesn't block Task Manager or Registry Editor, but that changes
nothing. You can't simply end the offending process and delete the associated
files. Any attempt to end its process will trigger the following error message.
The file is locked and protected by the rootkit known as
Rootkit.Win32.Necurs.gen. As a matter of fact, detection rates are amazingly
low for this rootkit. Cyber crooks did a great job and apparently spent many
hours fine-tuning this malware. What is more, crooks made a different rootkit
which works on 64-bit systems. It even has a valid certificate. Such
combination can be very successful which means it's along term investment. We
will probably see new variants of this malware soon and that's not very exciting.
When running, Win 8 Security System displays fake security alerts and pop-ups,
mostly claiming that your computer is infected with spyware
and Trojans that can steal your sensitive information. Simply ignore those fake
alerts.
Furthermore, the rogue program displays a fake Security Center window claiming
that your computer is not protected and encouraging you to purchase the full
version of Win 8 Security System to protect your computer from malware attacks
that exploit software vulnerabilities. For Windows Seven and Windows 8 the
rogue program displays a fake Action Center window.
Last, but not least, the rogue program displays a fake Win 8 Security System
ALERT in Internet Explorer, Mozilla Firefox, and Google Chrome. The fake web
browser security alert claims that the website you're about to visit is
infected with malware. If you choose to continue surfing the web unprotected,
you will be able to access the requested website but only for a short period of
time, then the fake warning message will appear again. Anyhow, it's still
better than having no access to your web browser whatsoever.
Here's an example of the Win 8 Security System payment page. As you can see in
the image below, cyber crooks added Comodo safe site graphics to make the
payment page look more reliable and professional. Of course, the
payment page is hardly safe. DO NOT pay for the bogus security program.