-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Rogue AV using Search Engine Optimization
03/26/2020 
4 People found this article helpful
484,427 Views
Description
Rogue AV using Search Engine Optimization
Resolution
Rogue AV using Search Engine Optimization (Nov 3, 2009)
Rogue AntiVirus software is defined as malicious piece of code that deceives users into paying for removal of fake viruses that it generates alerts for. SonicWall UTM Research team published an alert describing various variants of Rogue AntiVirus that we saw back in August, 2009 - LINK.
Rogue AntiVirus software is defined as malicious piece of code that deceives users into paying for removal of fake viruses that it generates alerts for. SonicWall UTM Research team published an alert describing various variants of Rogue AntiVirus that we saw back in August, 2009 - LINK.
Rogue AntiVirus authors have used various social engineering techniques in order to spread the malware and infect the users. Some of the techniques are listed below:
- Drive-by downloads via infected websites or dedicated malicious websites
- Free online scanning service
- Software shared via P2P network
- Archive File attached in the e-mail
- Fake codec required to play certain video
Latest example of SEO leading to the drive-by download malicious website is shown below:
Search for "invisible extended hearing aids" in Google search engine and the very first result of the search leads you to a Rogue AntiVirus drive-by download website:
Note that the website seems to be compromized and is being used without victim's knowledge for malicious purposes. Google does a good job of removing such links from their indexes as soon as they find out but it usually takes more than a day which is enough for the Rogue AV authors to infect multiple users.
If the user clicks on the link above, it redirects them to a malicious site that generates a fake infection alert and runs the fake AntiVirus scan animation:
This leads to the download of a malicious executable file "install14300.exe" that compromises the victim machine.
SonicWall Gateway AntiVirus provides protection against above threat via GAV: FakeAV#html_3 (Trojan) and GAV: TDSS.AA_11 (Trojan) signatures
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO