Woody Leonhard’s no-bull news, tips and help for Windows and Office
  • Rogue software – an interesting overview

    Posted on December 22nd, 2009 at 21:15 by woody

    Hamish O’Dea at Microsoft Australia has just published a fascinating white paper about rogue software:

    These programs, which display false alerts of system infection and ask for payment to ‘clean’ the system, have been around for years; however they have recently become more cunning, more sophisticated and more prevalent… This paper examines what has changed in the rogue landscape in recent times and compares their evolution to that of other types of malware. We look at the ways in which rogues are similar to other malware, from their distribution to the methods they use to evade detection and how they react to large-scale elimination by Windows Defender and the Malicious Software Removal Tool. We also examine what makes rogues unique and how they extend social engineering techniques beyond the point of getting the malware onto the system through to the user’s interaction with the malware itself and beyond. We look at how rogues deal with the distinct challenges of having a recognizable brand and the ways they take advantage of a user’s trust in their computing platform, from the operating system to the browser and even the search engine they use.

    A very insightful analysis from somebody who obviously knows his stuff. Well worth reading.
