New research from Google underscores the breadth of fake antivirus operations on the Web.
An analysis of 240 million Web pages collected by Google’s malware detection infrastructure over a 13-month period discovered more than 11,000 domains involved in the distribution of rogue antivirus (AV). While that may be a small overall percentage, Google’s research found that fake AV accounts for 60 percent of the malware discovered on domains that include trending keywords.
According to Niels Provos, software engineer with Google’s Anti-Malware Team, the findings are part of a paper entitled “The Nocebo Effect on the Web: An Analysis of Fake AV Distribution,” which will be presented April 27 at the Workshop on Large-Scale Exploits and Emergent Threats in San Jose, Calif. The paper reveals some of the common characteristics of these scams, which have emerged as one of the most profitable criminal operations on the Internet.