1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: VirusDoctor Activity

System Infected: VirusDoctor Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to download FakeAV executable over HTTP.

Additional Information

FakeAV executable when executed may allow remote attackers to take control over compromised user systems, also it further may download a fake antivirus software.

Affected

  • Various Windows platforms
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube