Fake Antivirus

Journey from Trojan to Persistent Threat

Fake antivirus (FakeAV) is one of the largest families of malware that we have seen in recent times. FakeAV has grown over the years to be a persistent and prevalent threat. In this paper, we study the evolution of FakeAV over the last three-and-a-half years. We analyze the major FakeAV events, infection vectors and some important anti-emulation/anti-reverse engineering (RE) tricks used by FakeAV packers. We also analyze how exploit kits are used to infect users with FakeAV and study how a polymorphic packer found in underground internet forums is used to encrypt and compress the malware binary.

Download Fake Antivirus: Journey from Trojan to a Persistent Threat

In this paper, we study the evolution of FakeAV over the last three-and-a-half years. We analyze the major FakeAV events, infection vectors and some important anti-emulation/anti-reverse engineering (RE) tricks used by FakeAV packers. Download now

By Jagadeesh Chandraiah, Researcher, SophosLabs UK

download Try Sophos products for free
Download now

Customer quotes

"Sophos has saved us time, resources, and money"
Sam Ghelfi, Raymond James

Read more

Awards and Recognition

Awards