June 4, 2024
A bit of a nasty (anti)virus: the landscape of fake antivirus websites
A bit of a nasty (anti)virus: the landscape of fake antivirus websites

Following a recent report by Trellix about bogus websites posing as antivirus providers, we have conducted a landscape review of domains beginning with the names of major antivirus and antimalware providers. The analysis considers all examples where the second-level domain name (SLD) – i.e. the part to the left of the dot – consists only of the brand name, or where any keywords from a set of high-relevance keywords are also present.

New-gTLD extensions feature heavily within the list of 1,440 domains, with .live (106 domains), .online (48), .xyz (33), .site (22) and .shop (19) being the most popular. New-gTLDs are commonly associated with high rates of infringement and abuse, and give rise to particular security concerns in the technology sector, where many of the extensions have specific relevance.

The review identified a number of high-concern websites posing direct potential threats, such as those offering (potentially malicious) downloads and instances of user credential collection (i.e. potential phishing). Other identified infringement types included e-commerce sites, offers of discount codes and information sites. Significant numbers of domains where the SLD consisted just of the brand name were also found to be potentially infringing.

Given that this study focuses solely on a small subset of the full range of potentially infringing sites, the number of threatening findings is concerning. This analysis highlights the importance of proactive programmes of brand protection, incorporating a policy of defensive domain registrations (to address the issue of ‘brand-only’ SLD examples). Other advisable initiatives include greater clarity by brand owners on the identity of their official sites (perhaps involving the use of dot-brand extensions) and engagement with ‘fraudcasting’ schemes, to push out browser warnings for fraudulent sites.

This specific case of infringements targeting antivirus brands is an interesting one – essentially an instance of ‘gamekeeper turned game’. The very nature of these brands is such that consumer trust is a key element (in addition to technical effectiveness), so the emergence of these types of attack poses a real risk to brand reputation and value.

You can read the full review in our latest e-book.

Online Brand Enforcement /  Tech

Found this article interesting today?
Send us your thoughts: