Are malware authors and spammers suffering from the same affliction of “word salad”, or are they perhaps devoted students of Afringlish? Why else would one combine random words in an attempt to look legitimate?

The reason is a simple one – not only are humans good at associating meaning with names, they are also exceptionally good at filling in the blanks, while machines are not. Thus, by carefully selecting particular names for insertion into the version information of malware samples, such as those of reputable software houses, the authors attempt to exploit this human condition. Presumably, they also hope to bypass security scanners that approve files based on such superficial attributes.

What on earth is a “BitTorrent Microsoft Enumerator”, how does it relate to “DirectX Avast” and is it really a product on offer from Salfeld Computer (a company that produces parental control software)? Sounds like a case of Confused Personality Disorder or a really bad $2 disguise.
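A defender-side check for the pattern described above, added here as an example and not taken from the original post: it flags version information whose fields mix brands of unrelated owners. The brand map is a small hypothetical list, and the assignment of the quoted strings to `CompanyName`, `ProductName` and `FileDescription` is an assumption.

```python
import re

# Hypothetical, deliberately small brand -> owner map; a real deployment
# would maintain a much larger list.
BRAND_OWNER = {
    "microsoft": "Microsoft", "directx": "Microsoft", "windows": "Microsoft",
    "avast": "Avast", "bittorrent": "BitTorrent", "salfeld": "Salfeld",
}
CHECKED_FIELDS = ("CompanyName", "ProductName", "FileDescription")


def owners_in(text):
    """Return the set of brand owners named in one version-info string."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {BRAND_OWNER[w] for w in words if w in BRAND_OWNER}


def word_salad_findings(version_info):
    """Flag version info that mixes brands from unrelated owners."""
    findings = []
    per_field = {f: owners_in(version_info.get(f, "")) for f in CHECKED_FIELDS}
    declared = per_field["CompanyName"]
    for field in CHECKED_FIELDS:
        owners = per_field[field]
        if len(owners) > 1:
            findings.append(f"{field} mixes brands of {sorted(owners)}")
        foreign = owners - declared
        if field != "CompanyName" and foreign:
            findings.append(f"{field} names {sorted(foreign)}, not the declared company")
    return findings


# Constructed samples. The strings in SALAD come from the post; which
# field each one sat in is an assumption.
SALAD = {
    "CompanyName": "Salfeld Computer",
    "ProductName": "BitTorrent Microsoft Enumerator",
    "FileDescription": "DirectX Avast",
}
CONSISTENT = {
    "CompanyName": "Microsoft Corporation",
    "ProductName": "Microsoft DirectX",
    "FileDescription": "DirectX Diagnostic Tool",
}

if __name__ == "__main__":
    for name, info in (("SALAD", SALAD), ("CONSISTENT", CONSISTENT)):
        print(name, word_salad_findings(info) or "no findings")
```

A hit is a triage signal only: version strings are set by whoever builds the file, so a consistent set of names is no more proof of origin than a jumbled one.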

Putting on a fancy wig and red nose won’t make you a clown, but double-clicking on files with such eclectic version information certainly will!