The evolution of social engineering
Monday February 26, 2007 at 2:08 pm CST
Posted by Allysa Myers
It struck me today how much things have changed in the handful of years I’ve been looking at malware. It used to be that they would frequently give you some little message box or image to make you think you hadn’t just run something nasty or non-functional. But lately that’s fallen out of fashion - I can’t actually remember the last time I saw something that actually went to that much effort! But today I got something that reminded me of those old tactics, a new W32/Feebs variant.
This pretends to be an installer for Online Trading software, including a set of almost-compelling-looking installation screens:



It’s a bit less convincing if you actually go to look for the installed product, as there’s no Program Files folder like it says it’s creating.
I wonder why it is this sort of technique fell out of favor. I would think it’s a warm and fuzzy sort of reassurance to the hapless user that should happen to double-click this malware that maybe what they clicked isn’t evil. (Of course they’d be wrong, but that’s beside the point - it’s all about user perception here!) Instead, most malware gives nothing at all. No error, no image, no message box. Wouldn’t that seem particularly fishy to even an uninformed user? Wouldn’t this prompt phone calls to someone more knowledgeable? (i.e. “Hey, my ISP says if I don’t run this file to update my account, I’m gonna get shut off. But the file doesn’t do anything when I run it. I better see what’s wrong!”)
I’m guessing it doesn’t, considering how popular this “silent” malware is now… though I imagine as the general user-base knowledge level goes up in the years to come, perhaps we’ll see a resurgence of malware with distraction-screens.
