Google on Fake AV

“For years, we have detected malicious content on the web and helped protect users from it,” says Niels Provos, an engineer from the company’s Security Team, in a blog post.

They have witnessed the rise of drive-by downloads and social engineering attacks, and they have followed and analyzed the growing threat that is the Fake AV.

In the last 13 months, they have analyzed over 240 million web pages, and they have discovered some 11,000 domains distributing Fake AV, which makes 15% of all the domains that were spreading malware during that period.

Their analysis also revealed that there are some traits that set Fake AV apart from other malware – for example, Fake AV attacks occur frequently via sites like spam web sites and on-line Ads. At this moment, Fake AV software represents 50% of all malware that is delivered through ads.

They also discovered that the lifespan of these Fake AV serving domains has visibly declined through time:

This is just a preview of the findings contained in the research paper that Google is going to present at the Workshop on Large-Scale Exploits and Emergent Threats in San Jose two weeks from now, so we can expect to get a glimpse at the big picture very soon.