Tuesday, September 1, 2009

Standard User Malware

I've written before about fake anti-malware, also known as scareware, what a popular threat it is and how anti-malware seems to do a bad job detecting it. The detection rates are pretty consistently bad.

Here's one of the big reasons.

Some fake anti-malware is actually malicious code, infecting your computer just like any other Trojan. But some is not: all it does is put on a show of finding malware and then try to trick you out of money. It doesn't do anything malicious in the sense of stealing passwords, spreading to other computers, or modifying your HOSTS file. So anti-malware products looking for malicious behavior won't find it, and the only way they can stop it is with a signature. And we know that signature response is getting less reliable over time.

Jesper Johansson calls it "Standard User Malware" because it doesn't require any administrator access. It only touches user resources. In this sense it is "well-behaved."

Of course, fake anti-malware does plenty of damage by ripping off innocent people, as Johansson recounts.
