000000267 001__ 267
000000267 005__ 20130522141945.0
000000267 037__ $$aLERSSE-UnrefConfPaper-2011-001
000000267 100__ $$aOnur Komili
000000267 245__ $$aStrategies for Monitoring Fake AV Distribution Networks
000000267 260__ $$c2011-10-05
000000267 300__ $$a9
000000267 520__ $$aWe perform a study of Fake AV networks advertised via search engine optimization. We use a high interaction fetcher to repeatedly evaluate the networks by querying landing pages that redirect to Fake AV distribution sites. We identify several distinct Fake AV distribution networks, and we show that each network exhibits distinct updating behaviours. We propose optimizations for crawlers that explore Fake AV networks to leverage the strong fan-in property of these networks and, where possible, the periodic update behaviour of the network elements. We evaluate these optimizations and show that they can be used to drastically reduce the number of visits to the network, which in turn reduces the likelihood of being blacklisted.
000000267 6531_ $$amalware distribution networks
000000267 6531_ $$aadversarial blacklisting
000000267 6531_ $$ahigh interaction honeyclient
000000267 6531_ $$ascareware
000000267 6531_ $$afake antivirus
000000267 700__ $$aKyle Zeeuwen
000000267 700__ $$aMatei Ripeanu
000000267 700__ $$aKonstantin Beznosov
000000267 8560_ $$fkylez@ece.ubc.ca
000000267 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/267/files/267.pdf$$yTransfer from CDS 0.99.7
000000267 909C4 $$pOnur Komili, Kyle Zeeuwen, Matei Ripeanu, and Konstantin Beznosov. Strategies for Monitoring Fake AV Distribution Networks. In Proceedings of the 21st Virus Bulletin Conference, October 5-7, 2011.
000000267 980__ $$aUnrefConfPaper