long lived malware domains – quick longitudinal analysis

Posted on December 14th, 2010 in Domain News by dglosser

A quick longitudinal study of some long-lived malware domains listed on the malwaredomains DNS-BH list.

These domains were found to contain or be associated with malware from 2009 or the first half of 2010.

Each domain was reevaluated in August 2010 using Google Safe Browsing. Domains marked as not suspicious, and domains marked as suspicious that had not been serving or associated with malware for the past 90 days, were removed from the list.

Of these 1185 domains, 569, or 48%, were deemed still “worthy” of being kept on the DNS-BH blocklist. That’s 569 harmful domains which were active for over four months…

Another analysis occurred in Dec 2010. Of the 569 remaining domains, 150, or 26%, were delisted, which means that 74% continued to be associated with badness.

There are over 380 domains which have been listed for over a year…

Data is here: http://www.malwaredomains.com/files/long_lived_malware_domains_analysis.txt

One observation – there are no rogue security domains on this list.
