Pierre's recent blog on fake invoices mentioned the problems we're seeing nowadays with Trojans masquerading as anti-virus or anti-spyware programs, and this reminded me that I blogged [link removed as no longer available - DH, 2017] on that topic recently at Quanta Security, one of the external sites for whom I have sometimes done pro bono consultancy or guest writing.
(If you don't get enough of my ramblings here, my other "outreach" blogs include have included Securiteam and (ISC)2 [I no longer blog at either of these - DH, 2017], not to mention my own blogs, which I'm afraid I haven't had time to revisit for many moons. [I didn't blog at ITsecurity, but, as at Quanta, I contributed answers to a security clinic. I no longer have any association with either of those sites - DH 2017])
I won't rewrite that one here and now, since you can just follow the link above, but I'm sure we'll be back to that topic in the near future: fake programs like XP Antivirus 2008 generate large (and fraudulent) profits. I also hear there's a fairly comprehensive article in the Register. El Reg isn't always the best source of security information (and some of its writers are sometimes a little anti-AV), but this one is both interesting and generally accurate, though I do have a minor issue with it:
My guess is that people will see the fact that some companies were named as detecting a particular malicious binary as an endorsement of those products, though I very much doubt if that was what the writer intended. The sad fact is that every time you send a file to VirusTotal, you're likely to get a different set of vendor IDs or non-identifications each time. In fact, you may even find that a vendor identifies a single file as one thing the first time you send it, and a slightly different thing if you send it again later. This simply reflects the fact that sometimes labels change as companies find out more about the malware.
David Harley
Malware Intelligence Team