Years ago, ads pushed by malware were painfully obvious. Often, you couldn't help but realize a machine was infected when a huge number of porn-pushing pop-ups brought a hapless PC to its knees.
Today, it's a different story. At the RSA security conference underway in San Francisco, security researchers talk of the much greater sophistication among the malware underground. Joe Stewart, director of malware research with SecureWorks, calls one such tactic an "Augmented Reality."
Instead of making themselves obvious with an in-your-face pop-up, malware changes something real that you'd normally see. These samples from F-Secure show ads added to the Google home page, and also the Windows XP startup screen, that were designed to fit in with what you'd normally see.
As in the real world, this increasing sophistication stems from an influx of profits. Dirty affiliate networks pay those who install the software on victim PCs, regardless of the means used. Huge commissions paid by the rogue AV makers can amount to thousands of dollars a day.
"It's really amazing, the kind of profit they're making," Stewart says. An affiliate can earn a 40 to 90 percent commission for every person who eventually pays for the fake scareware - regardless of how they were induced to do so.