Measuring the Lifecycles of Malicious Domains
Interesting article found here…. From the abstract:
“…we present preliminary results from on-going experiments we are conducting to track the lifetime of malicious domains. Studying the lifecycles of malicious domain names will provide insight into the many classes of criminal networks that depend on DNS, and inspire the development of new, more effective countermeasures.”
Some highlights:
- The number of resurrected domains gravitates around 200 every day, revealing a number of domains that are intermittently inactive, which could potentially be an evasion mechanism or a correlating characteristic of instability
- Contrary to our intuition … many of the [malicious] domains are long-lived and more domains are being introduced than are dying.
We’ve noticed and tracked many of the “immortal” malware domains but haven’t done any research into “resurrected”, or intermittently inactive/active domains. Hmmm
Again, we encourage research using our blocklists and have set up a mirror dedicated to open source projects and scholarly research. All we ask is that you let us know about such research.
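One way to count new, dead, resurrected and long-lived domains from daily observations, as an added example (not code from the paper or from this blog). The input format, the working definitions of "died" and "resurrected", and the sample domains are assumptions made for illustration.

```python
from datetime import date

def lifecycle_events(snapshots):
    """snapshots: {date: set of blocklisted domains that resolved that day}.
    Assumed definitions: born = first time ever seen active; died = active on
    the previous observation day but not today; resurrected = active today,
    inactive on the previous observation day, but seen active before that."""
    events, ever_seen, previous = {}, set(), set()
    for day in sorted(snapshots):
        active = set(snapshots[day])
        events[day] = {
            "born": active - ever_seen,
            "died": previous - active,
            "resurrected": (active & ever_seen) - previous,
        }
        ever_seen |= active
        previous = active
    return events

def domain_summary(snapshots):
    """Per domain: first/last active day, inclusive lifetime, resurrection count."""
    summary = {}
    for day, ev in lifecycle_events(snapshots).items():  # days come back sorted
        for dom in snapshots[day]:
            s = summary.setdefault(dom, {"first": day, "last": day, "resurrections": 0})
            s["last"] = day
        for dom in ev["resurrected"]:
            summary[dom]["resurrections"] += 1
    for s in summary.values():
        s["lifetime_days"] = (s["last"] - s["first"]).days + 1
    return summary

# Constructed sample data: five daily observations, reserved .example names.
SAMPLE = {
    date(2024, 1, 1): {"a.example", "b.example"},
    date(2024, 1, 2): {"a.example"},
    date(2024, 1, 3): {"a.example", "c.example"},
    date(2024, 1, 4): {"a.example", "b.example", "c.example"},
    date(2024, 1, 5): {"a.example", "c.example"},
}

if __name__ == "__main__":
    for day, ev in lifecycle_events(SAMPLE).items():
        print(day, {kind: sorted(doms) for kind, doms in ev.items()})
    for dom, s in sorted(domain_summary(SAMPLE).items()):
        print(dom, s["lifetime_days"], "days,", s["resurrections"], "resurrection(s)")
```

A domain with a long lifetime and a non-zero resurrection count is the intermittent kind the highlights describe; a long lifetime with zero resurrections matches the "immortal" case.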
