- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Rogue AV using Search Engine Optimization
03/26/2020 
3 People found this article helpful
43,471 Views
Description
Rogue AV using Search Engine Optimization
Resolution
Rogue AV using Search Engine Optimization (Nov 3, 2009)
Rogue AntiVirus software is defined as malicious piece of code that deceives users into paying for removal of fake viruses that it generates alerts for. SonicWall UTM Research team published an alert describing various variants of Rogue AntiVirus that we saw back in August, 2009 - LINK.
Rogue AntiVirus software is defined as malicious piece of code that deceives users into paying for removal of fake viruses that it generates alerts for. SonicWall UTM Research team published an alert describing various variants of Rogue AntiVirus that we saw back in August, 2009 - LINK.
Rogue AntiVirus authors have used various social engineering techniques in order to spread the malware and infect the users. Some of the techniques are listed below:
- Drive-by downloads via infected websites or dedicated malicious websites
- Free online scanning service
- Software shared via P2P network
- Archive File attached in the e-mail
- Fake codec required to play certain video
Latest example of SEO leading to the drive-by download malicious website is shown below:
Search for "invisible extended hearing aids" in Google search engine and the very first result of the search leads you to a Rogue AntiVirus drive-by download website:
Note that the website seems to be compromized and is being used without victim's knowledge for malicious purposes. Google does a good job of removing such links from their indexes as soon as they find out but it usually takes more than a day which is enough for the Rogue AV authors to infect multiple users.
If the user clicks on the link above, it redirects them to a malicious site that generates a fake infection alert and runs the fake AntiVirus scan animation:
This leads to the download of a malicious executable file "install14300.exe" that compromises the victim machine.
SonicWall Gateway AntiVirus provides protection against above threat via GAV: FakeAV#html_3 (Trojan) and GAV: TDSS.AA_11 (Trojan) signatures
Related Articles
- All associated wildcard FQDN IP addresses do not display in the web browser
- How to Re-Install The Junk Store
- SonicWall NSv Series FAQ
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO