Gone rogue

An analysis of rogue security software campaigns

Marco Cova, Corrado Leita, Olivier Thonnard, Angelos Keromytis, Marc Dacier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

In the past few years, Internet miscreants have developed a number of techniques to defraud and make a hefty profit out of their unsuspecting victims. A troubling, recent example of this trend is cybercriminals distributing rogue security software, that is, malicious programs that, by pretending to be legitimate security tools (e.g., anti-virus or anti-spyware), deceive users into paying a substantial amount of money in exchange for little or no protection. While the technical and economic aspects of rogue security software (e.g., its distribution and monetization mechanisms) are relatively well understood, much less is known about the campaigns through which this type of malware is distributed, that is, the underlying techniques and coordinated efforts employed by cybercriminals to spread their malware. In this paper, we present the techniques we used to analyze rogue security software campaigns, with an emphasis on the infrastructure employed in the campaign and the life-cycle of the clients that they infect.

Original language: English
Title of host publication: EC2ND 2009 - European Conference on Computer Network Defense
Pages: 1-3
Number of pages: 3
DOI: https://doi.org/10.1109/EC2ND.2009.8
Publication status: Published - 2010
Externally published: Yes
Event: European Conference on Computer Network Defense, EC2ND 2009 - Milano
Duration: 9 Nov 2009 to 10 Nov 2009

Other

Other: European Conference on Computer Network Defense, EC2ND 2009
City: Milano
Period: 9/11/09 to 10/11/09

Fingerprint

Computer viruses
Life cycle
Profitability
Internet
Malware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Cova, M., Leita, C., Thonnard, O., Keromytis, A., & Dacier, M. (2010). Gone rogue: An analysis of rogue security software campaigns. In EC2ND 2009 - European Conference on Computer Network Defense (pp. 1-3). [5494349] https://doi.org/10.1109/EC2ND.2009.8

@inproceedings{59c1631f26614400b9aa81e5eba9f26c,
title = "Gone rogue: An analysis of rogue security software campaigns",
author = "Marco Cova and Corrado Leita and Olivier Thonnard and Angelos Keromytis and Marc Dacier",
year = "2010",
doi = "10.1109/EC2ND.2009.8",
language = "English",
isbn = "9780769539836",
pages = "1--3",
booktitle = "EC2ND 2009 - European Conference on Computer Network Defense",

}