The advance of computer and networking technologies has resulted in a significant increase in the number of people who use computers in their daily lives to conduct business, communicate with friends and co-workers, and store information. In performing these functions, users are often required to provide personally-identifiable and/or sensitive private information such as user names, passwords, account numbers, birth dates, social security numbers and credit card numbers. Because this information can be used for nefarious purposes, such as stealing identities, executing fraudulent purchases and other similar schemes, an entire class of software has evolved with the sole purpose of covertly gathering and transmitting this information to third parties. Such software, often referred to as “malware” or “spoof” software, comes in many forms and is designed to infiltrate a computer system such that its detection and removal is very difficult, especially for the casual computer user.
In response to these threats, legitimate computer software companies have introduced so-called “Anti-Virus” software, which is designed to identify and remove malware, spyware, and other potentially threatening applications. In some instances, the anti-virus software operates as an ongoing process and when new software is introduced onto the machine, the anti-virus software performs a pre-installation scan or file check to determine if the software is legitimate even before it is installed on the computer. These applications often present the user with a screen or other visual message that indicates a virus or other malware was found or is attempting to install itself on the user's machine, and instruct the user to take action. For example, the user may decide the application is legitimate and allow the installation, she may ask that the application be quarantined, or have the software removed.
With the onslaught of damaging viruses and computer-based identity threats, antivirus software has become a very large industry and users routinely purchase new applications. Some developers, however, have taken advantage of this vulnerability and now present such “warning” screens even without any evidence of malware or viruses on a computer, knowing that a large percentage of users will accept the installation of such software as a precaution. These applications often require users to purchase unneeded applications, and, in some cases, install malware or spyware of their own.
These applications, referred to herein as “rogue” software, essentially prey on the fears and concerns of consumers by focusing on a market with high demand (e.g., anti-virus, password management, browser plug-ins, etc.) but offer substandard products. To increase their appeal, developers of rogue software design their applications with a look and feel similar to that of reputable software applications, further confusing users. Recently, consumers have begun identifying these rogue programs and are demanding that legitimate anti-virus and malware detection applications trap these applications as well. What is needed, therefore, is a method and system for positively identifying rogue software applications that are designed to appear as legitimate applications, but in fact are not.