The obvious problem with cyber-crime is that, unlike decent murdering and burglarizing criminals, they are intelligent enough to make a fool of you and your anti-viral software by using insidious methods, which are difficult to recognize. Five of their (albeit outdated) tricks have been reviewed by Erik Larkin of Yahoo.
The first one is the Glieder.H Trojan which, as many others, uses a multistage infection. The trojan has a list of processes it tries to kill, all of them associated to anti-virus programs and the mechanisms they use for updating themselves in particular. When the security is down, the trojan proceeds to download other infections from URL’s hardcoded in it’s structure.
The second one, the “Gozi Trojan”, is responsible for stealing data encrypted using SSL/TSL. Some examples of encrypted data on the net include banking details and other such crucial information. What the Gozi Trojan does is it masquerades as part of the process, therefore, the data goes through the trojan before it gets encrypted. The effectiveness of this trojan is due to IE flaws, which as most of us came to learn are too numerous for it to be ‘the browser’.
The third one Larkin lists, the SpamThru Trojan, is a bastard in the strongest meaning of the word. Not only does it fool users’ AV systems, but it even downloads a pirated and patched version of Kaspersky AV to dispose of other malware, leaving only itself, the lone looter, with your computer by the balls.
Another old but still widely used tactic is that first demonstrated by the SpyAgent Trojan. It creates an administrator account of it’s own and encrypts it’s own files using the generic encryption system found in the majority of Windows OS’. To remove the files one would actually have to guess the account’s password (or use software to do so).
Last, but not least, there is the Jowspry Trojan, one reason among others, why I keep Windows automatic update off at all times. The Jowspry Trojan along with its successors uses the mask of an innocent Windows update to deceive firewalls and “update” your system with all sorts of infections. A nice update if I ever saw one.
All of these methods have been updated many times over the years becoming the sophisticated threats security vendors have to fight today.