IDEAS home Printed from
MyIDEAS: Log in (now much improved!) to save this paper

The Underground Economy of Fake Antivirus Software

Listed author(s):
  • Steigerwald, Douglas
  • Vigna, Giovanni
  • Kruegel, Christopher
  • Kemmerer, Richard
  • Abman, Ryan
  • Stone-Gross, Brett

Fake antivirus (AV) programs have been utilized to defraud millions ofcomputer users into paying as much as one hundred dollars for a phony softwarelicense. As a result, fake AV software has evolved into one of the most lucrativecriminal operations on the Internet. In this paper, we examine the operations of threelarge-scale fake AV businesses, lasting from three months to more than two years.More precisely, we present the results of our analysis on a trove of data obtainedfrom several backend servers that the cybercriminals used to drive their scam operations.Our investigations reveal that these three fake AV businesses had earned acombined revenue of more than $130 million dollars. A particular focus of our analysisis on the financial and economic aspects of the scam, which involves legitimatecredit card networks as well as more dubious payment processors. In particular, wepresent an economic model that demonstrates that fake AV companies are activelymonitoring the refunds (chargebacks) that customers demand from their credit cardproviders. When the number of chargebacks increases in a short interval, the fakeAV companies react to customer complaints by granting more refunds. This lowersthe rate of chargebacks and ensures that a fake AV company can stay in businessfor a longer period of time. However, this behavior also leads to unusual patternsin chargebacks, which can potentially be leveraged by vigilant payment processorsand credit card companies to identify and ban fraudulent firms.

If you experience problems downloading a file, check if you have the proper application to view it first. In case of further problems read the IDEAS help page. Note that these files are not on the IDEAS site. Please be patient as the files may be large.

File URL:;origin=repeccitec
Download Restriction: no

Paper provided by Department of Economics, UC Santa Barbara in its series University of California at Santa Barbara, Economics Working Paper Series with number qt7p07k0zr.

in new window

Date of creation: 01 Jun 2011
Handle: RePEc:cdl:ucsbec:qt7p07k0zr
Contact details of provider: Postal:
2127 North Hall, Santa Barbara, CA 93106-9210

Phone: (805) 893-3670
Fax: (805) 893-8830
Web page:

More information through EDIRC

No references listed on IDEAS
You can help add them by filling out this form.

This item is not listed on Wikipedia, on a reading list or among the top items on IDEAS.

When requesting a correction, please mention this item's handle: RePEc:cdl:ucsbec:qt7p07k0zr. See general information about how to correct material in RePEc.

For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Lisa Schiff)

If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

If references are entirely missing, you can add them using this form.

If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.

If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.

Please note that corrections may take a couple of weeks to filter through the various RePEc services.

This information is provided to you by IDEAS at the Research Division of the Federal Reserve Bank of St. Louis using RePEc data.