Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog

One for the Geeks...And Those that Aspire to Be

Created: 24 Aug 2008 • Updated: 05 Nov 2012
Doug McLean's picture
0 0 Votes
Login to vote

Jesper Johansson posted a really terrific piece entitled "Anatomy of a Malware Scam" on The Register Friday. Johansson is an All-Pro security expert and researcher and does a marvelous job of breaking down an extremely complicated scam into terms even most civilians can understand.

He not only explains the computer and social engineering gambits involved in this particular fake malware detection scheme, but analyzes the nature of the team that executed it. There is a LOT of sophisticated software engineering involved in this attack and if you had any doubts that the malware business has been taken over by professionals, this should put to rest any doubts. This fake anti-malware utility is in some ways better designed from a usability standpoint than some of the legitimate tools out there. The problem, of course, is that it's real purpose (or at least one of them) is to simply separate marks from their money.

A few of the things that should disturb you about this particular scam include:

1-How badly the legitimate anti-malware utilities did in identifying the actually malicious code it installs.It's kind of amusing that Microsoft's Malicious Software Removal Tool missed it, but AVG Freeware caught it...proving that in security software, free doesn't necessarily mean bad.

2-Johansson's speculation that this particular exploit might have the capability to identify when it is running on a virtual machine and take appropriate actions to cover its tracks.

3-The observation that when it comes to actually executing an attack, once a piece of malware is installed on a victim's system, time is on the bad guys' side. An exploit can sit dormant for weeks or months before awakening and stealing data or turning its host into yet another zombie in an ever expanding botnet.