As per reader’s feedback on my earlier blog “404 not just “File Not Found“, they wanted more information regarding how a Potentially Unwanted Program, called “System Doctor”, gets installed. So I will emphasis more on this programs behavior in this post.

System Doctor tries to fools users by utilizing images that are similar to a legitimate product from PC Tools called “Spyware Doctor” as shown below:

Installation on the victim’s machine is via an ActiveX control, as shown below, which needs user’s interaction:

Upon installation, System Doctor scans the user’s system and displays an “Error Message” box as shown below:

If the innocent user clicks on the “Repair Now” button he will redirected to another page, where they are asked for credit card details:

In my previous blog it was incorrectly reported as “Spyware Doctor” instead of “System Doctor”. Through further research and discussion, the software is in fact “System Doctor”, a rogue software product that attempts to leverage its similarity to the Spyware Doctor name. The blog entry has since been corrected. PC Tools and Spyware Doctor have no affiliation with System Doctor as per discussion with PC Tools.

We caution web users from entering their card details and CVV number into these masked doctors seen while surfing web as we continue to protect our customers against such social engineering attacks.