Fake Antivirus

Journey from Trojan to Persistent Threat

Fake antivirus (FakeAV) is one of the largest families of malware that we have seen in recent times. FakeAV has grown over the years to be a persistent and prevalent threat. In this paper, we study the evolution of FakeAV over the last three-and-a-half years. We analyze the major FakeAV events, infection vectors and some important anti-emulation/anti-reverse engineering (RE) tricks used by FakeAV packers. We also analyze how exploit kits are used to infect users with FakeAV and study how a polymorphic packer found in underground internet forums is used to encrypt and compress the malware binary.

Télécharger Fake Antivirus: Journey from Trojan to a Persistent Threat

In this paper, we study the evolution of FakeAV over the last three-and-a-half years. We analyze the major FakeAV events, infection vectors and some important anti-emulation/anti-reverse engineering (RE) tricks used by FakeAV packers. Télécharger maintenant

By Jagadeesh Chandraiah, Researcher, SophosLabs UK

download Essayez les produits Sophos gratuitement
Téléchargez maintenant

Commentaires des clients

« Sophos nous a fait économiser du temps, des ressources et de l'argent »
Sam Ghelfi, Raymond James

Lire la suite

Articles de presse et récompenses

Awards