1. Field of Disclosure
The disclosure generally relates to the field of computer security, in particular to detecting malicious software.
2. Description of the Related Art
Anti-malware applications often display user interfaces (UIs) to provide users with status/progress information. Because computers play an important role in people's daily life, computer users often pay close attention to such a UI. An increasing amount of malware has evolved to display a fake or misleading anti-malware UI (also called a “fakeAVUI”) resembling the UIs of the legitimate anti-malware applications. The fakeAVUI typically includes false alarming messages to coerce the viewers to take certain detrimental actions (e.g., purchasing rogue security software).
Existing malware detection applications are not effective in detecting malware with a fakeAVUI. For example, many existing malware detection techniques consider having a UI as an indicator of the underlying application being legitimate, and thus would not detect malware with a fakeAVUI.
Accordingly, there is a need for new techniques that can reliably detect malware with a fakeAVUI.