The modern rogue - malware with a face

Hamish O'Dea, Microsoft

Over the past year we have seen a significant increase in reports of the type of malware commonly known as rogue security products, or simply 'rogues'. These programs, which display false alerts of system infection and ask for payment to 'clean' the system, have been around for years; however, they have recently become more cunning, more sophisticated and more prevalent.

This paper examines what has changed in the rogue landscape in recent times and compares the evolution of rogues to that of other types of malware. We look at the ways in which rogues are similar to other malware, from their distribution to the methods they use to evade detection, and how they react to large-scale elimination by Windows Defender and the Malicious Software Removal Tool (MSRT). We also examine what makes rogues unique and how they extend social engineering techniques beyond the point of getting the malware onto the system, through the user's interaction with the malware itself and beyond. We look at how rogues deal with the distinct challenges of having a recognisable brand, and at the ways they take advantage of a user's trust in their computing platform, from the operating system to the browser and even the search engine they use.

By analysing rogues in the same way as we look at other types of malware, we get a better idea of how they fit into the overall threat landscape. The rogue is usually the end product of a malware infection scenario - the final payload. As opposed to spam bots, backdoors or password stealers, rogues try to obtain money directly from the user. A rogue differs from most malware only in that it has a face.
