Microsoft Download Center Archive

Research paper: The modern rogue - malware with a face

  • Published:
  • Version: 1.0
  • Category: Document
  • Language: English

Research paper on Rogue antivirus software - originally presented at VB 2009

ABSTRACT

Over the past year we have seen a significant increase in reports of the type of malware commonly known as rogue security products, or simply ‘rogues’. These programs, which display false alerts of system infection and ask for payment to ‘clean’ the system, have been around for years; however they have recently become more cunning, more sophisticated and more prevalent.

This paper examines what has changed in the rogue landscape in recent times and compares their evolution to that of other types of malware. We look at the ways in which rogues are similar to other malware, from their distribution to the methods they use to evade detection and how they react to large-scale elimination by Windows Defender and the Malicious Software Removal Tool. We also examine what makes rogues unique and how they extend social engineering techniques beyond the point of getting the malware onto the system through to the user’s interaction with the malware itself and beyond. We look at how rogues deal with the distinct challenges of having a recognizable brand and the ways they take advantage of a user’s trust in their computing platform, from the operating system to the browser and even the search engine they use.

By analysing rogues in the same way as we look at other types of malware, we get a better idea of how they fit into the overall threat landscape. The rogue is usually the end product of a malware infection scenario – the final payload. As opposed to spam bots, backdoors or password stealers, rogues try to obtain money directly from the user. A rogue differs from most malware only in that it has a face.

Author: Hamish O'Dea

Files

Status: Deleted

This download is no longer available on microsoft.com. The downloads below are archives provided by the Internet Archive Wayback Machine from the Microsoft Download Center prior to March 2016.

Files
ODea-VB2009.pdf
    ODea-VB2009.xps

      File sizes and hashes are retrieved from the Wayback Machine’s indexes. They may not match the latest versions of files hosted on Microsoft servers.

      This download includes .xps files. XPS was a Microsoft document format intended to replace PDF. To view these files, you may need to install the XPS Essentials Pack.

      System Requirements

      Operating Systems: Windows 2000, Windows 98, Windows NT, Windows Vista, Windows XP, Windows 7, Windows 95, Windows CE

      • XPS Reader or Adobe Acrobat reader

      Installation Instructions

      Download the research paper in the file format of your choice. It is available as an XPS or PDF. To view the XPS document, you will need to install the reader (included in Windows Vista); to view the PDF document, you will need to install Adobe Acrobat reader.

      This page was generated from a snapshot of the Microsoft Download Center made on .
      FamilyId: 7a827fbd-c2a1-48bc-9e85-6b805d3e7e26