Yesterday we blogged about the most recent rogue security product in the WiniGuard family, TheDefend. Patrick Jordan had observed that a new clone was appearing about every two days. Overnight the pace picked up and loyal blog reader Fatdcuk let us know about yet another. He left us a comment: “SysDefence went live about 3 hours ago. They’re flying off the conveyor belt today.”
Patrick analyzed it and plunked it in the WiniGuard family, and our detections, as SysDefence.FakeSmoke.
The GUI is identical to TheDefend except the name.
Thanks Fatdcuk. Thanks Patrick.