Look@me and Pay

Although the motives and means behind malware development have changed, most other aspects have stayed the same. Until recently the most successful malware tried to stay inconspicuous and unobtrusive for as long as possible; staying undetectable increased the chances for survival and successful replication. When we look at the top threats today we see malware targeting online gaming, Trojans trying to steal personal banking details and the most prevalent group of malicious applications: rogue security products (commonly referred to as Rogues). The latter consist of applications pretending to be legitimate anti-malware programs and requesting payments for the cleaning of non-existing infections. In order to solicit a payment, Rogues need to be as conspicuous as possible (displaying GUI, warning, progress bars, scanning logs etc). This malware needs to be in your face, the more the better. If this is true, then the presence of a Rogue isn’t difficult to spot and if so, how come Rogues are so widely spread and cause so much harm and present so many problems to the security industry. We will discuss these issues, look at some examples and numbers reported by Microsoft customers and users...