Multiple personality disorder?

Filed Under: SophosLabs

Are malware authors and spammers suffering from the same affliction of "word salad", or are they perhaps devoted students of combine random words in an attempt to look legitimate?

The reason is a simple one - not only are humans good at associating meaning with names, they are also exceptionally good at filling in the blanks, while machines are not. Thus, by carefully selecting particular names for insertion into the version information of malware samples, such as those of reputable software houses, the authors attempt to exploit this human condition. Presumably, they also hope to bypass security scanners which approve files based on such superficial attributes.

What on earth is a "BitTorrent Microsoft Enumerator", how does it relate to "DirectX Avast" and is it really a product on offer from Salfeld Computer (a company that produces parental control software)? Sounds like a case of Confused Personality Disorder or a really bad $2 disguise.

Putting on a fancy wig and red nose won't make you a clown, but double-clicking on files with such eclectic version information certainly will!
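A scanner can treat the same "word salad" as a signal instead of a credential. The sketch below is an added example, not code from the original post or from Sophos: it flags version information that names several unrelated vendors and never approves a file on its strings alone. The brand map, the field placement of the quoted strings, and the `verified_signer` input (a signer name validated elsewhere) are assumptions.

```python
import re

# Constructed brand-to-owner map (assumption); use a curated list in practice.
BRAND_OWNERS = {
    "microsoft": "Microsoft", "directx": "Microsoft", "windows": "Microsoft",
    "bittorrent": "BitTorrent", "avast": "Avast", "salfeld": "Salfeld",
}
FIELDS = ("CompanyName", "ProductName", "FileDescription")


def owners_in(text):
    """Owners of the known brand names that appear as whole words in text."""
    return {BRAND_OWNERS[w] for w in re.findall(r"[a-z0-9]+", text.lower())
            if w in BRAND_OWNERS}


def assess_version_info(info, verified_signer=None):
    """Return (verdict, reasons) for a file's version-info strings.

    info: dict of version-info fields (attacker-controlled text).
    verified_signer: owner name taken from an already-validated code
    signature, or None if unsigned or invalid (hypothetical input).
    """
    reasons = []
    per_field = {f: owners_in(info.get(f, "")) for f in FIELDS}
    claimed = set().union(*per_field.values())
    for field, found in per_field.items():
        if len(found) > 1:
            reasons.append(f"{field} names several vendors: {sorted(found)}")
    if len(claimed) > 2:
        reasons.append(f"{len(claimed)} unrelated vendors across fields")
    if reasons:
        return "suspicious", reasons
    if claimed and verified_signer not in claimed:
        return "unverified", [f"claims {sorted(claimed)} without a matching signature"]
    return "consistent", []  # consistent strings are not an allow decision


# Constructed samples: the strings quoted in the article (field placement is
# assumed) and an ordinary single-vendor file.
SALAD = {"FileDescription": "BitTorrent Microsoft Enumerator",
         "ProductName": "DirectX Avast", "CompanyName": "Salfeld Computer"}
PLAIN = {"FileDescription": "DirectX Diagnostic Tool",
         "ProductName": "Microsoft DirectX", "CompanyName": "Microsoft Corporation"}

if __name__ == "__main__":
    for name, sample in (("salad", SALAD), ("plain", PLAIN)):
        print(name, assess_version_info(sample))
    print("plain+sig", assess_version_info(PLAIN, verified_signer="Microsoft"))
```

Legitimate third-party software sometimes names another vendor's product in its description, so a "suspicious" verdict is a reason to look closer, not a detection on its own.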
