2010
DOI: 10.1007/978-3-642-15512-3_23
|View full text |Cite
|
Sign up to set email alerts
|

An Analysis of Rogue AV Campaigns

Abstract: Abstract. Rogue antivirus software has recently received extensive attention, justified by the diffusion and efficacy of its propagation. We present a longitudinal analysis of the rogue antivirus threat ecosystem, focusing on the structure and dynamics of this threat and its economics.To that end, we compiled and mined a large dataset of characteristics of rogue antivirus domains and of the servers that host them. The contributions of this paper are threefold. Firstly, we offer the first, to our knowledge, bro… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
30
1

Year Published

2011
2011
2020
2020

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 41 publications
(32 citation statements)
references
References 19 publications
0
30
1
Order By: Relevance
“…Various security vendors have reported on potential revenue from scareware operations based on the number of infections that they observed [4,37]. Cova et al presented an analysis of the rogue antivirus structure and indirectly tried to measure the number of victims and profits based on poorly configured web servers used by several fake AV groups [6]. They estimated the conversion rate of infections to sales at 1.36%, which is slightly lower than the rates that we observed.…”
Section: Related Workmentioning
confidence: 53%
“…Various security vendors have reported on potential revenue from scareware operations based on the number of infections that they observed [4,37]. Cova et al presented an analysis of the rogue antivirus structure and indirectly tried to measure the number of victims and profits based on poorly configured web servers used by several fake AV groups [6]. They estimated the conversion rate of infections to sales at 1.36%, which is slightly lower than the rates that we observed.…”
Section: Related Workmentioning
confidence: 53%
“…DOMAntiPhish [33] alerts the user whenever she visits a phishing site with a layout similar to a trusted website. All these solutions help in preventing that the user is deceived in trusting a site similar to a known site she used in the past, but they do not prevent against other categories of scams, such as fake pharmacies and rogue antiviruses [7,39]. In contrast, our system is able to track advanced, previously unseen phishing attacks.…”
Section: Related Workmentioning
confidence: 99%
“…For example, prior work has studied the infrastructure used to support Rogue AV campaigns [11], fast-flux service networks [17], online scam infrastructure [18], command and control (C&C) networks [7], C&C migration [1], drop-zone infrastructure [15], and pay-per install infrastructure [6]. We consider a campaign to be a collection of domain names and IP addresses that serve a single malicious purpose and are associated with the same threat type, e.g., botnet C&C, drop-zones, etc.…”
Section: Related Workmentioning
confidence: 99%