{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:50:22Z","timestamp":1772041822436,"version":"3.50.1"},"publisher-location":"New York, NY","reference-count":39,"publisher":"Springer New York","isbn-type":[{"value":"9781461419808","type":"print"},{"value":"9781461419815","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-1-4614-1981-5_4","type":"book-chapter","created":{"date-parts":[[2012,9,24]],"date-time":"2012-09-24T22:57:39Z","timestamp":1348527459000},"page":"55-78","source":"Crossref","is-referenced-by-count":40,"title":["The Underground Economy of Fake Antivirus Software"],"prefix":"10.1007","author":[{"given":"Brett","family":"Stone-Gross","sequence":"first","affiliation":[]},{"given":"Ryan","family":"Abman","sequence":"additional","affiliation":[]},{"given":"Richard A.","family":"Kemmerer","sequence":"additional","affiliation":[]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[]},{"given":"Douglas G.","family":"Steigerwald","sequence":"additional","affiliation":[]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,7,27]]},"reference":[{"key":"4_CR1","volume-title":"(2009) A view on current malware behaviors","author":"U Bayer","year":"2009","unstructured":"Bayer U, Habibi I, Balzarotti D, Kirda E, Kruegel C (2009) A view on current malware behaviors. In: USENIX workshop on large-scale exploits and emergent threats (LEET), 2009"},{"key":"4_CR2","volume-title":"(2008) Conducting cybersecurity research legally and ethically","author":"A Burstein","year":"2008","unstructured":"Burstein A (2008) Conducting cybersecurity research legally and ethically. In: USENIX workshop on large-scale exploits and emergent threats (LEET), 2008"},{"key":"4_CR3","volume-title":"(2010) Dissecting one click frauds","author":"N Christin","year":"2010","unstructured":"Christin N, Yanagihara S, Kamataki K (2010) Dissecting one click frauds. In: ACM conference on computer and communications security (CCS), 2010"},{"key":"4_CR4","unstructured":"Correll S, Corrons L (2010) The business of rogueware: analysis of the new style of online fraud. \n                http:\/\/www.pandasecurity.com\/img\/enc\/The%20Business%20of%20Rogueware.pdf"},{"key":"4_CR5","volume-title":"(2010) Detection and analysis of drive-by-download attacks and malicious javascript code","author":"M Cova","year":"2010","unstructured":"Cova M, Kruegel C, Vigna G (2010) Detection and analysis of drive-by-download attacks and malicious javascript code. In: Proceedings of the international world wide web conference (WWW), 2010"},{"key":"4_CR6","volume-title":"(2010) An analysis of rogue AV campaigns","author":"M Cova","year":"2010","unstructured":"Cova M, Leita C, Thonnard O, Keromytis A, Dacier M (2010) An analysis of rogue AV campaigns. In: Symposium on recent advances in intrusion detection (RAID), 2010"},{"key":"4_CR7","volume-title":"(2006) Why phishing works","author":"R Dhamija","year":"2006","unstructured":"Dhamija R, Tygar J, Hearst M (2006) Why phishing works. In: Conference on human factors in computing systems (CHI), 2006"},{"key":"4_CR8","unstructured":"Dittrich D, Bailey M, Dietrich S (2009) Towards community standards for ethical behavior in computer security research. Technical report 2009\u20131, Stevens CS, April 2009"},{"key":"4_CR9","volume-title":"(2008) You\u2019ve been warned: an empirical study of the effectiveness of web browser phishing warnings","author":"S Egelman","year":"2008","unstructured":"Egelman S, Cranor L, Hong J (2008) You\u2019ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Conference on human factors in computing systems (CHI), 2008"},{"key":"4_CR10","volume-title":"(2009) Symantec report on rogue security software","author":"M Fossi","year":"2009","unstructured":"Fossi M, Turner D, Johnson E, Mack T, Adams T, Blackbird J, Low M, McKinney D, Dacier\u00a0M, Keromytis A, Leita C, Cova M, Overton J, Thonnard O (2009) Symantec report on rogue security software. In: Whitepaper, 2009"},{"key":"4_CR11","volume-title":"(2007) An inquiry into the nature and causes of the wealth of internet miscreants","author":"J Franklin","year":"2007","unstructured":"Franklin J, Paxson V, Perrig A, Savage S (2007) An inquiry into the nature and causes of the wealth of internet miscreants. In: ACM conference on computer and communications security (CCS), 2007"},{"key":"4_CR12","unstructured":"Garfinkel S (2008) IRBs and security research: myths, facts and mission creep. In: Proceedings of the USENIX workshop on usability, psychology, and security, 2008"},{"key":"4_CR13","unstructured":"Holz T, Engelberth M, Freiling F (2008) Learning more about the underground economy: a case-study of keyloggers and dropzones. Reihe Informatik TR-2008\u2013006, university of Mannheim, 2008"},{"key":"4_CR14","volume-title":"(2008) Monkey-spider: detecting malicious websites with low-interaction honeyclients","author":"A Ikinci","year":"2008","unstructured":"Ikinci A, Holz T, Freiling F (2008) Monkey-spider: detecting malicious websites with low-interaction honeyclients. In: Proceedings of Sicherheit, Schutz und Zuverl\u00e4ssigkeit, April 2008"},{"key":"4_CR15","unstructured":"International Secure Systems Lab (2010). Anubis: analyzing unknown binaries. \n                http:\/\/anubis.iseclab.org"},{"key":"4_CR16","volume-title":"(2010) A framework for understanding and applying ethical principles in network and security research","author":"E Kenneally","year":"2010","unstructured":"Kenneally E, Bailey M, Maughan D (2010) A framework for understanding and applying ethical principles in network and security research. In: Proceedings of the workshop on ethics in computer security research (WECSR), 2010"},{"key":"4_CR17","unstructured":"Kirk J (2010) Bredolab-infected PCs downloading fake antivirus software. \n                http:\/\/www.pcworld.com\/businesscenter\/article\/209031\/bredolabinfected_pcs_downloading_fake_antivirus_software.html"},{"key":"4_CR18","volume-title":"(2009) Massive profits fueling rogue antivirus market","author":"B Krebs","year":"2009","unstructured":"Krebs B (2009) Massive profits fueling rogue antivirus market. In: Washington post, 2009"},{"key":"4_CR19","unstructured":"Krebs B (2009) Virus scanners for virus authors. \n                http:\/\/krebsonsecurity.com\/2009\/12\/virus-scanners-for-virus-authors\/"},{"key":"4_CR20","unstructured":"Krebs B (2010) Following the money, ePassporte edition. \n                http:\/\/krebsonsecurity.com\/2010\/09\/following-the-money-epassporte-edition\/"},{"key":"4_CR21","unstructured":"Krebs B (2010) Rogue antivirus victims seldom fight back. \n                http:\/\/krebsonsecurity.com\/2010\/07\/rogue-antivirus-victims-seldom-fight-back\/"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Ludl C, McAllister S, Kirda E, Kruegel C (2007) On the effectiveness of techniques to detect phishing sites. In: Proceedings of the conference on detection of intrusions and malware & vulnerability assessment (DIMVA), 2007","DOI":"10.1007\/978-3-540-73614-1_2"},{"key":"4_CR23","volume-title":"(2008) Behind phishing: an examination of phisher modi operandi","author":"K McGrath","year":"2008","unstructured":"McGrath K, Gupta M (2008) Behind phishing: an examination of phisher modi operandi. In:\u00a0USENIX workshop on large-scale exploits and emergent threats (LEET), 2008"},{"key":"4_CR24","unstructured":"Mick J (2010) Russian anti-spam chief caught spamming. \n                http:\/\/www.dailytech.com\/Russian+AntiSpam+Chief+Caught+Spamming\/article18423.htm"},{"key":"4_CR25","volume-title":"(2007) An empirical analysis of the current state of phishing attack and defence","author":"T Moore","year":"2007","unstructured":"Moore T, Clayton R (2007) An empirical analysis of the current state of phishing attack and defence. In: Workshop on the economics of information security (WEIS), 2007."},{"key":"4_CR26","volume-title":"(2006) Anomaly based web phishing page detection","author":"Y Pan","year":"2006","unstructured":"Pan Y, Ding X (2006) Anomaly based web phishing page detection. In: Annual computer security applications conference (ACSAC), 2006"},{"key":"4_CR27","unstructured":"Poulsen K (2009) Conficker doomsday worm sells out for $49.95. \n                http:\/\/www.wired.com\/threatlevel\/2009\/04\/conficker-dooms\/"},{"key":"4_CR28","volume-title":"(2007) The ghost in the browser: analysis of web-based malware","author":"N Provos","year":"2007","unstructured":"Provos N, McNamee D, Mavrommatis P, Wang K, Modadugu N (2007) The ghost in the browser: analysis of web-based malware. In: USENIX workshop on hot topics in understanding botnets (HotBots), 2007"},{"key":"4_CR29","volume-title":"(2008) All your iFRAMEs point to us","author":"N Provos","year":"2008","unstructured":"Provos N, Mavrommatis P, Rajab M, Monrose F (2008) All your iFRAMEs point to us. In:\u00a0USENIX security symposium, 2008"},{"key":"4_CR30","volume-title":"(2010) The nocebo effect on the web: an analysis of fake anti-virus distribution","author":"M Rajab","year":"2010","unstructured":"Rajab M, Ballard L, Mavrommatis P, Provos N, Zhao X (2010) The nocebo effect on the web: an analysis of fake anti-virus distribution. In: USENIX workshop on large-scale exploits and emergent threats (LEET), 2010"},{"key":"4_CR31","volume-title":"(2007) A layout-similarity-based approach for detecting phishing pages","author":"A Rosiello","year":"2007","unstructured":"Rosiello A, Kirda E, Kruegel C, Ferrandi F (2007) A layout-similarity-based approach for detecting phishing pages. In: Security and privacy in communication networks (SecureComm), 2007"},{"key":"4_CR32","volume-title":"(2009) The Partnerka what is it, and why should you care?","author":"D Samosseiko","year":"2009","unstructured":"Samosseiko D (2009) The Partnerka what is it, and why should you care? In: Annual virus bulletin conference, 2009"},{"key":"4_CR33","volume-title":"(2009) Your botnet is my botnet: analysis of a botnet takeover","author":"B Stone-Gross","year":"2009","unstructured":"Stone-Gross B, Cova M, Cavallaro L, Gilbert R, Szydlowski M, Kemmerer R, Kruegel C, Vigna G (2009) Your botnet is my botnet: analysis of a botnet takeover. In: ACM conference on computer and communications security (CCS), 2009"},{"key":"4_CR34","volume-title":"(2009) FIRE: FInding rogue nEtworks","author":"B Stone-Gross","year":"2009","unstructured":"Stone-Gross B, Moser A, Kruegel C, Kirda E, Almeroth K (2009) FIRE: FInding rogue nEtworks. In: Annual computer security applications conference (ACSAC), 2009"},{"key":"4_CR35","volume-title":"(2010) Peering through the iFrame","author":"B Stone-Gross","year":"2010","unstructured":"Stone-Gross B, Cova M, Kruegel C, Vigna G (2010) Peering through the iFrame. In: IEEE mini-conference on computer communications (INFOCOM), 2010"},{"key":"4_CR36","volume-title":"(2011) The underground economy of spam: a Botmasters perspective of coordinating large-scale spam campaigns","author":"B Stone-Gross","year":"2011","unstructured":"Stone-Gross B, Holz T, Stringhini G, Vigna G (2011) The underground economy of spam: a\u00a0Botmasters perspective of coordinating large-scale spam campaigns. In: USENIX workshop on large-scale exploits and emergent threats (LEET), 2011"},{"key":"4_CR37","unstructured":"TrendMicro (2010) The business of cybercrime a complex business model. Technical report, 2010"},{"key":"4_CR38","unstructured":"Villeneuve N, Deibert R, Rohozinski R (2010) KOOBFACE: Inside a crimeware network. InfoWar monitor JR04\u20132010, The SecDev group, 2010"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Zhuge J, Holz T, Song JGC, Han X, Zou W (2009) Studying malicious websites and the underground economy on the chinese web","DOI":"10.1007\/978-0-387-09762-6_11"}],"container-title":["Economics of Information Security and Privacy III"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4614-1981-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,7]],"date-time":"2019-05-07T16:05:28Z","timestamp":1557245128000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-1-4614-1981-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,7,27]]},"ISBN":["9781461419808","9781461419815"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-1-4614-1981-5_4","relation":{},"subject":[],"published":{"date-parts":[[2012,7,27]]}}}