Research paper: The modern rogue - malware with a face
Research paper on Rogue antivirus software - originally presented at VB 2009
ABSTRACT
Over the past year we have seen a significant increase in
reports of the type of malware commonly known as rogue
security products, or simply ‘rogues’. These programs, which
display false alerts of system infection and ask for payment to
‘clean’ the system, have been around for years; however they
have recently become more cunning, more sophisticated and
more prevalent.
This paper examines what has changed in the rogue landscape
in recent times and compares their evolution to that of other
types of malware. We look at the ways in which rogues are
similar to other malware, from their distribution to the
methods they use to evade detection and how they react to
large-scale elimination by Windows Defender and the
Malicious Software Removal Tool. We also examine what
makes rogues unique and how they extend social engineering
techniques beyond the point of getting the malware onto the
system through to the user’s interaction with the malware itself
and beyond. We look at how rogues deal with the distinct
challenges of having a recognizable brand and the ways they
take advantage of a user’s trust in their computing platform,
from the operating system to the browser and even the search
engine they use.
By analysing rogues in the same way as we look at other types
of malware, we get a better idea of how they fit into the overall
threat landscape. The rogue is usually the end product of a
malware infection scenario – the final payload. As opposed to
spam bots, backdoors or password stealers, rogues try to
obtain money directly from the user. A rogue differs from most
malware only in that it has a face.
Author: Hamish O'Dea
Files
Status: Deleted
This download is no longer available on microsoft.com. The downloads below are archives provided by the Internet Archive Wayback Machine from the Microsoft Download Center prior to March 2016.
This download includes .xps files. XPS was a Microsoft document format intended to replace PDF. To view these files, you may need to install the XPS Essentials Pack.
System Requirements
Operating Systems: Windows 2000, Windows 98, Windows NT, Windows Vista, Windows XP, Windows 7, Windows 95, Windows CE
- XPS Reader or Adobe Acrobat reader
Installation Instructions
Download the research paper in the file format of your choice. It is available as an XPS or PDF. To view the XPS document, you will need to install the reader (included in Windows Vista); to view the PDF document, you will need to install Adobe Acrobat reader.