

Aug 17
by Lordian Mosuela (Threats Analyst)

From using icons of popular applications to displaying windows and images to running normal applications (e.g., Notepad), malware has gone to great lengths in attempting to hide its routines from affected users. One of the latest trends in stealth mechanisms is best characterized by the ZLOB family of Trojans, known for posing as video codecs to lure unsuspecting users into downloading and executing them.

Recently, TrendLabs detected WORM_SILLY.CQ, whose own twist in the malware game of hide-and-seek is that it installs Chinese Navigation 2.6.0.0 (aka Baidu Search Toolbar), the toolbar of Baidu, China’s most popular Internet search engine. The Baidu Search Toolbar is usually seen in Internet Explorer’s standard button bar and address bar. Unfortunately, that’s not the only program WORM_SILLY.CQ installs, as it is designed to drop and download a slew of Trojans and spyware into an affected system.

Installing “normal” programs is not really a novel technique, but given the worm’s specific target (i.e., the Chinese computing population), evident from its choice of program to install, it’s clear that the malware is banking on Baidu’s popularity in order to infect more users. On the other hand, the technique also spells bad news for the search engine maker because, unless otherwise intended, no software company really wants to be associated with malware, right? Users are thus encouraged to keep their pattern files updated in order to prevent infection by this worm (as well as its malicious components). Should they wish to remove the Chinese Navigation toolbar, it can simply be uninstalled via Add/Remove Programs.







© Copyright 2008 Trend Micro Inc. All rights reserved.