Detecting fake anti-virus software distribution webpages

Attackers are continually seeking novel methods to distribute malware. Among various approaches, fake Anti-Virus (AV) attacks represent an active trend for malware distribution. In a fake AV attack, attackers disguise malware as legitimate anti-virus software and convince users to install it. As web...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2015-03, Vol.49, p.95-106
Main Authors: Kim, Dae Wook, Yan, Peiying, Zhang, Junjie
Format: Article
Language:English
Subjects:
Anti-virus software
Computer viruses
Denial of service attacks
Fake anti-virus software
Internet
Intrusion detection
Intrusion detection systems
Malware
Network security
Statistical classification
Studies
Web browsers
Web document analysis
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Attackers are continually seeking novel methods to distribute malware. Among various approaches, fake Anti-Virus (AV) attacks represent an active trend for malware distribution. In a fake AV attack, attackers disguise malware as legitimate anti-virus software and convince users to install it. As web browsers become the most popular applications for users to access online resources, webpages have become the dominating means to launch fake AV attacks. In this paper, we presented an automated and effective detection system, namely DART, to identify fake AV webpages in the Internet. We proposed a collection of novel features to characterize an unknown webpage and then integrate them using statistical classifiers. These features focus on profiling a fake AV webpage from three aspects that are fundamentally important for its success, thereby resulting in the high detection accuracy and implying resistance against evasion attempts. We have performed extensive evaluation based on real fake AV webpages that are collected from the Internet. Experimental results have demonstrated that DART can accomplish a high detection rate of 90.4% at an extremely low false positive rate of 0.2%.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2014.11.008