An Analysis of Rogue AV Campaigns

13 years 2 months ago

Download www.cs.columbia.edu

Abstract. Rogue antivirus software has recently received extensive attention, justiﬁed by the diﬀusion and eﬃcacy of its propagation. We present a longitudinal analysis of the rogue antivirus threat ecosystem, focusing on the structure and dynamics of this threat and its economics. To that end, we compiled and mined a large dataset of characteristics of rogue antivirus domains and of the servers that host them. The contributions of this paper are threefold. Firstly, we oﬀer the ﬁrst, to our knowledge, broad analysis of the infrastructure underpinning the distribution of rogue security software by tracking 6,500 malicious domains. Secondly, we show how to apply attack attribution methodologies to correlate campaigns likely to be associated to the same individuals or groups. By using these techniques, we identify 127 rogue security software campaigns comprising 4,549 domains. Finally, we contextualize our ﬁndings by comparing them to a diﬀerent threat ecosystem, that of bro...

Marco Cova, Corrado Leita, Olivier Thonnard, Angel

Real-time Traffic

Antivirus | Computer Networks | RAID 2010 | Rogue Security Software | Threat Ecosystem |

claim paper

Post Info
More Details (n/a)

Added	30 Jan 2011
Updated	30 Jan 2011
Type	Journal
Year	2010
Where	RAID
Authors	Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, Marc Dacier

Comments (0)

Sciweavers

An Analysis of Rogue AV Campaigns

Antivirus | Computer Networks | RAID 2010 | Rogue Security Software | Threat Ecosystem |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers