Pierre’s recent blog on fake invoices mentioned the problems we’re seeing nowadays with Trojans masquerading as anti-virus or anti-spyware programs, and this reminded me that I blogged on that topic recently at Quanta Security, one of the external sites for whom I sometimes do pro bono consultancy or guest writing.
(If you don’t get enough of my ramblings here, my other "outreach" blogs include Securiteam and (ISC)2, not to mention my own Small Blue-Green Blog, which I’m afraid I haven’t had time to revisit for many moons. I don’t blog at ITsecurity, but, as at Quanta, I contribute answers to a security clinic.)
I won’t rewrite that one here and now, since you can just follow the link above, but I’m sure we’ll be back to that topic in the near future: fake programs like XP Antivirus 2008 generate large (and fraudulent) profits. I also hear there’s a fairly comprehensive article in the Register. El Reg isn’t always the best source of security information (and some of its writers are sometimes a little anti-AV), but this one is both interesting and generally accurate, though I do have a minor issue with it:
My guess is that people will see the fact that some companies were named as detecting a particular malicious binary as an endorsement of those products, though I very much doubt if that was what the writer intended. The sad fact is that every time you send a file to VirusTotal, you’re likely to get a different set of vendor IDs or non-identifications each time. In fact, you may even find that a vendor identifies a single file as one thing the first time you send it, and a slightly different thing if you send it again later. This simply reflects the fact that sometimes labels change as companies find out more about the malware.
Malware Intelligence Team
Author David Harley, ESET