During our daily research and quest to locate harmful software, we come across
many types of applications and application components. Our current database has
literally millions of file samples from users with potentially infected systems.
Part of any researcher's duty is to look at the various properties of a file
such as installed location, internal version information, linked libraries and
other items that can provide "clues" about what the software actually does and
whether it represents a potential threat. Many times we have files that are not
in their native environment, meaning that we have a few samples of the file but
not the entire system configuration in which they were originally installed. This can
make it difficult to properly differentiate between harmful and legitimate
software components.
Spyware/Malware applications often try to disguise themselves as legitimate
software components by using the same name as a Windows component but place
themselves in a...
Posted by Nick |