An Analysis of Rogue AV Campaigns

11 years 10 months ago
An Analysis of Rogue AV Campaigns
Abstract. Rogue antivirus software has recently received extensive attention, justified by the diffusion and efficacy of its propagation. We present a longitudinal analysis of the rogue antivirus threat ecosystem, focusing on the structure and dynamics of this threat and its economics. To that end, we compiled and mined a large dataset of characteristics of rogue antivirus domains and of the servers that host them. The contributions of this paper are threefold. Firstly, we offer the first, to our knowledge, broad analysis of the infrastructure underpinning the distribution of rogue security software by tracking 6,500 malicious domains. Secondly, we show how to apply attack attribution methodologies to correlate campaigns likely to be associated to the same individuals or groups. By using these techniques, we identify 127 rogue security software campaigns comprising 4,549 domains. Finally, we contextualize our findings by comparing them to a different threat ecosystem, that of bro...
Marco Cova, Corrado Leita, Olivier Thonnard, Angel
Added 30 Jan 2011
Updated 30 Jan 2011
Type Journal
Year 2010
Where RAID
Authors Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, Marc Dacier
Comments (0)