Fake Antivirus

Journey from Trojan to Persistent Threat

Fake antivirus (FakeAV) is one of the largest families of malware that we have seen in recent times. FakeAV has grown over the years to be a persistent and prevalent threat. In this paper, we study the evolution of FakeAV over the last three-and-a-half years. We analyze the major FakeAV events, infection vectors and some important anti-emulation/anti-reverse engineering (RE) tricks used by FakeAV packers. We also analyze how exploit kits are used to infect users with FakeAV and study how a polymorphic packer found in underground internet forums is used to encrypt and compress the malware binary.

Download Fake Antivirus: Journey from Trojan to a Persistent Threat

In this paper, we study the evolution of FakeAV over the last three-and-a-half years. We analyze the major FakeAV events, infection vectors and some important anti-emulation/anti-reverse engineering (RE) tricks used by FakeAV packers. Zum Download

By Jagadeesh Chandraiah, Researcher, SophosLabs UK

Download Sophos Produkte kostenlos testen
Jetzt downloaden

Kundenmeinungen

„Dank Sophos konnten wir Zeit, Geld und Ressourcen sparen.“
Sam Ghelfi, Raymond James

Weiterlesen (englisch)

Auszeichnungen und Preise

Awards