- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Rogue AV using Search Engine Optimization
03/26/2020 
3 People found this article helpful
194,919 Views
Description
Rogue AV using Search Engine Optimization
Resolution
Rogue AV using Search Engine Optimization (Nov 3, 2009)
Rogue AntiVirus software is defined as malicious piece of code that deceives users into paying for removal of fake viruses that it generates alerts for. SonicWall UTM Research team published an alert describing various variants of Rogue AntiVirus that we saw back in August, 2009 - LINK.
Rogue AntiVirus software is defined as malicious piece of code that deceives users into paying for removal of fake viruses that it generates alerts for. SonicWall UTM Research team published an alert describing various variants of Rogue AntiVirus that we saw back in August, 2009 - LINK.
Rogue AntiVirus authors have used various social engineering techniques in order to spread the malware and infect the users. Some of the techniques are listed below:
- Drive-by downloads via infected websites or dedicated malicious websites
- Free online scanning service
- Software shared via P2P network
- Archive File attached in the e-mail
- Fake codec required to play certain video
Latest example of SEO leading to the drive-by download malicious website is shown below:
Search for "invisible extended hearing aids" in Google search engine and the very first result of the search leads you to a Rogue AntiVirus drive-by download website:
Note that the website seems to be compromized and is being used without victim's knowledge for malicious purposes. Google does a good job of removing such links from their indexes as soon as they find out but it usually takes more than a day which is enough for the Rogue AV authors to infect multiple users.
If the user clicks on the link above, it redirects them to a malicious site that generates a fake infection alert and runs the fake AntiVirus scan animation:
This leads to the download of a malicious executable file "install14300.exe" that compromises the victim machine.
SonicWall Gateway AntiVirus provides protection against above threat via GAV: FakeAV#html_3 (Trojan) and GAV: TDSS.AA_11 (Trojan) signatures
Related Articles
- How to Setup the SonicWave 600 series
- Identical Access Rules for different users/user groups
- Advanced Network Security eLearning Training Course
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO