Long-lived malware domains – quick longitudinal analysis
A quick longitudinal study of some long-lived malware domains listed on the malwaredomains DNS-BH list.
These domains were found to contain or be associated with malware from 2009 or the first half of 2010.
Each domain was re-evaluated in August 2010 using Google Safe Browsing. Domains marked as not suspicious, and domains marked as suspicious that had not been serving or associated with malware in the past 90 days, were removed from the list.
Of these 1185 domains, 569, or 48%, were deemed still “worthy” of being kept on the DNS-BH blocklist. That’s 569 harmful domains which were active for over four months…
Another analysis occurred in Dec 2010. Of the 569 remaining domains, 150 or 26% were delisted — which means that 74% continued to be associated with badness.
There are over 380 domains which have been listed for over a year…
Data is here: http://www.malwaredomains.com/files/long_lived_malware_domains_analysis.txt
One observation – there are no rogue security domains on this list.
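The re-evaluation rule described above (keep a domain only if it is still flagged and was tied to malware within the past 90 days), applied over two successive passes, as an added example that is not the script used for this analysis. The `Verdict` record, the `.example` domains and all dates are constructed; treating day 90 as still inside the window, and delisting a flagged domain with no dated activity, are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

WINDOW = timedelta(days=90)  # look-back period named in the post

@dataclass(frozen=True)
class Verdict:
    # Constructed stand-in for one reputation lookup; not a real API schema.
    suspicious: bool
    last_malicious: Optional[date]  # most recent day malware was seen, if any

def keep(v: Verdict, checked_on: date) -> bool:
    """Stay listed only if flagged suspicious AND active within the window."""
    if not v.suspicious or v.last_malicious is None:
        return False  # assumption: a flag with no dated activity is delisted
    return checked_on - v.last_malicious <= WINDOW  # assumption: day 90 counts

def run_passes(listed, passes):
    """Apply successive re-evaluations; return (date, kept, delisted, pct kept) per pass."""
    report = []
    current = set(listed)
    for checked_on, verdicts in passes:
        # A domain with no verdict in this pass is treated as not suspicious.
        kept = {d for d in current if d in verdicts and keep(verdicts[d], checked_on)}
        pct = round(100 * len(kept) / len(current)) if current else 0
        report.append((checked_on, sorted(kept), sorted(current - kept), pct))
        current = kept  # only survivors are re-checked in the next pass
    return report

# Constructed sample data (reserved .example names, invented dates).
LISTED = ["a.example", "b.example", "c.example", "d.example"]
AUG = date(2010, 8, 15)
DEC = date(2010, 12, 15)
PASSES = [
    (AUG, {
        "a.example": Verdict(True, date(2010, 8, 1)),    # recently active -> keep
        "b.example": Verdict(True, date(2010, 5, 17)),   # exactly 90 days -> keep
        "c.example": Verdict(True, date(2010, 3, 1)),    # flagged but stale -> delist
        "d.example": Verdict(False, None),               # not suspicious -> delist
    }),
    (DEC, {
        "a.example": Verdict(True, date(2010, 12, 1)),   # still active -> keep
        "b.example": Verdict(True, date(2010, 5, 17)),   # no new activity -> delist
    }),
]

if __name__ == "__main__":
    for checked_on, kept, delisted, pct in run_passes(LISTED, PASSES):
        print(checked_on, "kept", kept, "delisted", delisted, f"{pct}% retained")
```

Each pass reports retention relative to the domains that entered that pass, which is how the 48% and 74% figures above are expressed.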
