\u201cA typical phishing or Web-based malware attack usually isn\u2019t terribly complex,\u201d says a report on Threat Post. \u201cBut they need a few things in order to work, and one of the key components often is a malicious domain. Researchers spend a lot of time identifying and taking these domains down, but some researchers now are trying to stay a step ahead of the game by predicting which domains will be used for malicious purposes.\u201d
\nAccording to the report, \u201cLike bored tweens at the mall, malicious domains tend to cluster together, showing up in large groups at certain hosting providers. Often, these are so-called bulletproof hosting companies that aren\u2019t overly concerned with what kind of activity is emanating from the domains on its platform.\u201d
\nDozens of domains are often registered at a time, \u201ctypically with nonsensical alphanumeric URLs, and use them as needed, discarding them whenever they\u2019re identified as malicious.\u201d
\nTo counter these attackers, researchers at Palo Alto Networks have been looking at their behaviours. And as a result they have \u201cidentified a few things that can help them predict which domains may end up being malicious at some point. They found that one domains are identified as malicious and blacklisted by reputation services, the attackers will abandon them. Then, after a period of time, the domain is removed from the reputation systems and other blacklists and will fall back into a pool of domains that are useful to attackers. In research presented at the Virus Bulletin conference here Wednesday, Wei Xu, Yanxin Zhang and Kyle Sanders of Palo Alto said that they have developed a formula that enables them to predict which of those domains will be used by attackers again.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"