- Traditional malware (worms, viruses, trojans), which has unbounded malicious potential and should therefore be tackled offline (i.e. without booting the OS it infected)
- Commercial malware (spyware, adware, dialers, various revenue-redirection scams), which has to curb its abusive behavior so that its creators can plausibly deny malware status, and which is therefore safe to tackle from within the infected OS
Currently, several commercial malware families push the envelope:
- Clickless installation through software defects, e.g. Java exploits
- Remain active in Safe Mode
- Resist termination of their in-memory threads
- Resist, or actively disable (DoS), anti-malware removal tools
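The Safe Mode item is one that can be checked from inside the running system, in line with the point above that commercial malware can be tackled from within the infected OS: Windows decides what to start in Safe Mode from the `SafeBoot\Minimal` and `SafeBoot\Network` registry keys, so anything that stays active there has registered itself under one of them. The PowerShell script below is an added example, not code from the original post; it assumes a Windows host, an elevated session, and the standard SafeBoot registry locations. The "outside %SystemRoot%" rule is a triage heuristic, not a verdict.

```powershell
# Added example, not part of the original post. Assumes Windows and an elevated session.
# In Safe Mode, Windows starts only the services and drivers listed under these keys.
$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$modes = 'Minimal', 'Network'

function Get-SafeBootServices {
    foreach ($mode in $modes) {
        foreach ($key in Get-ChildItem (Join-Path $safeBootRoot $mode)) {
            # A subkey whose default value is 'Service' names a service; the other
            # entries are driver groups or device-setup-class GUIDs and are skipped here.
            $kind = (Get-ItemProperty -LiteralPath $key.PSPath).'(default)'
            if ($kind -ne 'Service') { continue }

            $name   = $key.PSChildName
            $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
            $svc    = Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue
            $image  = if ($svc) { $svc.ImagePath } else { '<no Services key: orphan entry>' }

            # Triage heuristic (an assumption, not a verdict): a Safe Mode service whose
            # image lives outside %SystemRoot% deserves a closer look, as does an orphan.
            $suspect = (-not $svc) -or ($image -notmatch 'SystemRoot|\\Windows\\')

            [pscustomobject]@{
                Mode      = $mode
                Service   = $name
                ImagePath = $image
                Review    = $suspect
            }
        }
    }
}

# "Safe Mode with Command Prompt" launches AlternateShell; the default is cmd.exe.
$altShell = (Get-ItemProperty -LiteralPath $safeBootRoot).AlternateShell
if ($altShell -and $altShell -ne 'cmd.exe') {
    Write-Warning "Non-default SafeBoot AlternateShell: $altShell"
}

Get-SafeBootServices | Sort-Object Mode, Service | Format-Table -AutoSize
```

Entries flagged with `Review = True` are the ones to compare against the vendor's documentation or a known-clean machine; third-party security products legitimately register under these keys too, so a flag means "look", not "remove".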
As long as the legal climate allows vandalism in the name of commerce, we can expect the boundary between commercial and traditional malware to be poorly defended. As technologists, we should get our tools ready; the need may soon be at hand.