Malicious computer programs (“malware”) continue to evolve at an alarming pace. One particularly nefarious form of malware that has experienced tremendous growth is commonly known as a misleading or rogue software application. Misleading applications typically and intentionally misrepresent the security status of a user's computer in an attempt to deceive or mislead the user into paying for the fake or simulated removal of malware, security risks, and/or unwanted programs and files.
For example, a misleading application may be installed via a browser exploit or through a social-engineering ruse (such as a fake codec) that tricks a user into installing the application. Once installed, the misleading application may constantly generate taskbar or desktop messages and notifications that suggest that various unwanted computer programs and files (such as viruses or pornographic images) are present on the user's computer. The misleading application may then offer to remove the unwanted items from the user's computer for a fee.
Unfortunately, because these misleading applications do not perform any actual security services, users who pay the fees requested by misleading applications simply pay for nonexistent services. Worse still, the authors of misleading applications may use such a transaction to procure credit and personal information that may be used to commit credit or identity fraud. Misleading applications may also consume system resources, disable system or security-software updates, and/or expose users to additional security threats by lulling users into a false sense of security or by installing additional malware.
In addition, the constant and rapid evolution of malware has made it extremely difficult for security-software programs that employ traditional signature-based technologies to prevent such threats. As such, the instant disclosure identifies a need for systems and methods for reliably and accurately detecting fraudulent applications that generate misleading messages.