Home

An Analysis of Rogue AV Campaigns

Marco Cova; Corrado Leita; Olivier Thonnard; Angelos D. Keromytis; Marc Dacier

Title:
An Analysis of Rogue AV Campaigns
Author(s):
Cova, Marco
Leita, Corrado
Thonnard, Olivier
Keromytis, Angelos D.
Dacier, Marc
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Part Number:
6307
Book/Journal Title:
Recent Advances in Intrusion Detection: 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010: Proceedings
Book Author:
Jha, Somesh
Publisher:
Springer
Publisher Location:
New York
Abstract:
Rogue antivirus software has recently received extensive attention, justified by the diffusion and efficacy of its propagation. We present a longitudinal analysis of the rogue antivirus threat ecosystem, focusing on the structure and dynamics of this threat and its economics. To that end, we compiled and mined a large dataset of characteristics of rogue antivirus domains and of the servers that host them. The contributions of this paper are threefold. Firstly, we offer the first, to our knowledge, broad analysis of the infrastructure underpinning the distribution of rogue security software by tracking 6,500 malicious domains. Secondly, we show how to apply attack attribution methodologies to correlate campaigns likely to be associated to the same individuals or groups. By using these techniques, we identify 127 rogue security software campaigns comprising 4,549 domains. Finally, we contextualize our findings by comparing them to a different threat ecosystem, that of browser exploits. We underline the profound difference in the structure of the two threats, and we investigate the root causes of this difference by analyzing the economic balance of the rogue antivirus ecosystem. We track 372,096 victims over a period of 2 months and we take advantage of this information to retrieve monetization insights. While applied to a specific threat type, the methodology and the lessons learned from this work are of general applicability to develop a better understanding of the threat economies.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1007/978-3-642-15512-3_23
Item views:
193
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use