Fake anti-virus (also known as scareware) has grown over the years into a persistent and prevalent threat and is now one of the largest families of malware that we’ve seen in recent history.
In this new technical paper from SophosLabs, threat researcher Jagadeesh Chandraiah studies the evolution of fake anti-virus over the last three and a half years.
He looks at the major fake anti-virus events, infection vectors and some important anti-emulation/anti-reverse engineering (RE) tricks used by fake anti-virus packers.
He also analyses how exploit kits are used to infect users with fake anti-virus and studies how a polymorphic packer found in underground internet forums is used to encrypt and compress the malware binary.