Details of a "new" Fake AV page here ..
Details of a "new" Fake AV page : on ZScaler.com research blog: http://research.zscaler.com/2012/04/details-of-fake-av-page.html
'The first thing you notice in the source code is that there is no obfuscation at all. The attacker is not trying to hide anything: CSS is inline, plain-text JavaScript (no obfuscation, no minification or packing) is inline, etc. That makes the pages very easy to track and block. Or it should... however, antivirus vendors are still not able to block the Fake AV executable with an acceptable level of accuracy. As you can see in the video, only 5 out of 42 antivirus engines find anything suspicious.' ..