June 4, 2024
A bit of a nasty (anti)virus: the landscape of fake antivirus websites
David Barnett
SHARE
Facebook Twitter LinkedIn
A bit of a nasty (anti)virus: the landscape of fake antivirus websites

Following a recent report by Trellix about bogus websites posing as antivirus providers, we have conducted a landscape review of domains beginning with the names of major antivirus and antimalware providers. The analysis considers all examples where the second-level domain name (SLD) – i.e. the part to the left of the dot – consists only of the brand name, or where any keywords from a set of high-relevance keywords are also present.

New-gTLD extensions feature heavily within the list of 1,440 domains, with .live (106 domains), .online (48), .xyz (33), .site (22) and .shop (19) being the most popular. New-gTLDs are commonly associated with high rates of infringement and abuse, and give rise to particular security concerns in the technology sector, where many of the extensions have specific relevance.

The review identified a number of high-concern websites posing direct potential threats, such as those offering (potentially malicious) downloads and instances of user credential collection (i.e. potential phishing). Other identified infringement types included e-commerce sites, offers of discount codes and information sites. Significant numbers of domains where the SLD consisted just of the brand name were also found to be potentially infringing.

Given that this study focuses solely on a small subset of the full range of potentially infringing sites, the number of threatening findings is concerning. This analysis highlights the importance of proactive programmes of brand protection, incorporating a policy of defensive domain registrations (to address the issue of ‘brand-only’ SLD examples). Other advisable initiatives include greater clarity by brand owners on the identity of their official sites (perhaps involving the use of dot-brand extensions) and engagement with ‘fraudcasting’ schemes, to push out browser warnings for fraudulent sites.

This specific case of infringements targeting antivirus brands is an interesting one – essentially an instance of ‘gamekeeper turned game’. The very nature of these brands is such that consumer trust is a key element (in addition to technical effectiveness), so the emergence of these types of attack poses a real risk to brand reputation and value.

You can read the full review in our latest e-book.
SHARE
Facebook Twitter LinkedIn
Tags
Online Brand Enforcement /  Tech
Found this article interesting today?
Send us your thoughts:
Get in touch
Stobbs IP Limited
Building 1000
Cambridge Research Park
CB25 9PD
Tel. 01223 435240
Fax. 01223 425258
info@iamstobbs.com
Website Terms & Conditions
Privacy policy

German office legal notice
Cookie Declaration
Complaints Policy

Copyright © 2022 Stobbs IP
Stobbs (IP) Limited, trading as Stobbs, registered in England and Wales, Company number 08369121.
Registered Office: Building 1000, Cambridge Research Park, Cambridge, CB25 9PD.
VAT Number 155 4670 01.
Stobbs (IP) Limited and its directors and employees who are registered UK trade mark attorneys are regulated by IPReg www.ipreg.org.uk