Lavasoft Malware Labs Addresses Explosive Rise in Twilight Zone Rogues

Gothenburg, Sweden
(April 23, 2009)
-

Malware Labs at Lavasoft announced today the release of a new white paper addressing the explosive rise in rogue security software and exploring the benefits of using derivatives of existing legislation to form a strategic basis of detection criteria, and looking at how consumer protective legislation may be strengthened by the input or experiences of the anti-malware industry.

Industry experts have reported a five-fold year-on-year increase in the number of rogue applications invading the Internet.

Rogue security software, also called scareware, are applications that appear to be beneficial from a security perspective but provide little or no security through deceptive tactics, or attempts to lure users into participating in fraudulent transactions.

"Levels of rogue applications have increased dramatically. However, not all applications can be easily classified, as borderline, or Twilight Zone applications are becoming more prevalent," says Pekka Andelin, malware analyst at Lavasoft. "There has been a shift from forced installations, or other clear rogue behavior, towards a direction where the rogue application may be harder to spot and pinpoint, posing new challenges for the anti-malware industry," continues Andelin.

In order to research and classify potential malicous applications, anti-malware software providers formulate their own detection criteria for what is considered threatening to computer system integrity or user privacy. Some applications walk the line in a twilight zone between proper and improper practices, making them harder to index than others - and opening the door for complaints from the applications' vendor over wrongful classification by legitimate Internet security companies. If a vendor complaint against the indexation of a certain application escalates to a lawsuit, the strategic basis of detection criteria is tested against the law.

The whitepaper further explores how the existing consumer protective legislation could be strengthened by the input or experiences of the anti-malware industry. The full whitepaper is available online in the Lavasoft Security Center at www.lavasoft.com.

About the Author

Pekka Andelin is a malware analyst with Malware Labs at Lavasoft, the anti-spyware pioneer and an industry leader in online security. With a background in computer science, Andelin's expertise lies in malware analysis, threat research, and IT security.