Strategies for Monitoring Fake AV Distribution Networks

Onur Komili ; Kyle Zeeuwen ; Matei Ripeanu ; Konstantin Beznosov

05 October 2011

Abstract: We perform a study of Fake AV networks advertised via search engine optimization. We use a high interaction fetcher to repeatedly evaluate the networks by querying landing pages that redirect to Fake AV distribution sites. We identify several distinct Fake AV distribution networks, and we show that each network exhibits distinct updating behaviours. We propose optimizations for crawlers that explore Fake AV networks to leverage the strong fan-in property of these networks and, where possible, the periodic update behaviour of the network elements. We evaluate these optimizations and show that they can be used to drastically reduce the number of visits to the network, which in turn reduces the likelihood of being blacklisted.
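The two crawler optimizations the abstract names, fan-in grouping and period-aware revisiting, can be sketched as a scheduler. The following is an added illustration written for this page, not the authors' crawler or their data: the observation log is constructed, the landing-page and site names are hypothetical, and the clustering rule (landing pages with identical redirect histories belong to one network) and the period estimate (shortest gap between observed target changes) are simplifying assumptions rather than the paper's method.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# One crawl result: (hour of visit, SEO landing page, distribution site it redirected to)
Observation = Tuple[int, str, str]

# Constructed sample log (not real data): four landing pages fetched every
# 12 hours for four days. lp-a, lp-b and lp-c all funnel into the same
# distribution site, which rotates its hostname every 24 hours; lp-d points
# at a second network that never changed during the window.
SAMPLE: List[Observation] = [
    (h, lp, site)
    for h in range(0, 96, 12)
    for lp, site in (
        ("lp-a", f"dist-1-v{h // 24}"),
        ("lp-b", f"dist-1-v{h // 24}"),
        ("lp-c", f"dist-1-v{h // 24}"),
        ("lp-d", "dist-2"),
    )
]


def redirect_histories(obs: List[Observation]) -> Dict[str, List[Tuple[int, str]]]:
    """Per landing page, the time-ordered list of (hour, distribution site)."""
    hist: Dict[str, List[Tuple[int, str]]] = defaultdict(list)
    for hour, lp, site in sorted(obs):
        hist[lp].append((hour, site))
    return hist


def cluster_by_fan_in(obs: List[Observation]) -> List[Set[str]]:
    """Group landing pages whose redirect histories are identical.

    Assumption: identical histories mean the pages feed the same network,
    so visiting one of them tells us what all of them currently serve.
    """
    groups: Dict[Tuple[Tuple[int, str], ...], Set[str]] = defaultdict(set)
    for lp, history in redirect_histories(obs).items():
        groups[tuple(history)].add(lp)
    return sorted(groups.values(), key=lambda s: sorted(s))


def estimate_update_period(history: List[Tuple[int, str]]) -> Optional[int]:
    """Hours between consecutive changes of the redirect target.

    Returns None when fewer than two changes were seen, i.e. no period is
    observable yet. Uses the shortest observed gap so a revisit is never
    scheduled later than the fastest change seen so far.
    """
    change_hours = [
        hour
        for (_, prev_site), (hour, site) in zip(history, history[1:])
        if site != prev_site
    ]
    if len(change_hours) < 2:
        return None
    return min(b - a for a, b in zip(change_hours, change_hours[1:]))


def plan_visits(obs: List[Observation], default_interval: int) -> Dict[str, int]:
    """Map one representative landing page per cluster to its revisit interval."""
    hist = redirect_histories(obs)
    plan: Dict[str, int] = {}
    for cluster in cluster_by_fan_in(obs):
        representative = sorted(cluster)[0]
        period = estimate_update_period(hist[representative])
        # Fall back to the baseline crawl rate when no period can be inferred.
        plan[representative] = period if period is not None else default_interval
    return plan


def visit_counts(obs: List[Observation], horizon: int, default_interval: int) -> Tuple[int, int]:
    """Visits needed over `horizon` hours: (naive every-page crawl, optimized plan)."""
    pages = {lp for _, lp, _ in obs}
    naive = len(pages) * (horizon // default_interval)
    optimized = sum(horizon // interval for interval in plan_visits(obs, default_interval).values())
    return naive, optimized


if __name__ == "__main__":
    print(cluster_by_fan_in(SAMPLE))          # [{'lp-a', 'lp-b', 'lp-c'}, {'lp-d'}]
    print(plan_visits(SAMPLE, 12))           # {'lp-a': 24, 'lp-d': 12}
    print(visit_counts(SAMPLE, 96, 12))      # (32, 12)
```

On the constructed log the plan cuts 32 visits over four days to 12. The failure mode to watch is a period estimated from too few observations: a network that updates faster than the inferred interval is missed until the next visit, which is why the estimate uses the shortest gap seen and falls back to the baseline rate when fewer than two changes have been observed.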

Keyword(s): malware distribution networks ; adversarial blacklisting ; high interaction honeyclient ; scareware ; fake antivirus

Published in: Onur Komili, Kyle Zeeuwen, Matei Ripeanu, and Konstantin Beznosov. Strategies for Monitoring Fake AV Distribution Networks. In Proceedings of the 21st Virus Bulletin Conference, October 5-7, 2011.

