DNS enhancement catches malware sites by understanding sneaky domain names

  • 5 March 2015
  • 1 reply
  • 133 views

A researcher at OpenDNS Security Labs has developed a new way to automatically detect and block sites used to distribute malware almost instantaneously without having to scan them. The approach, initially developed by researcher Jeremiah O'Connor, uses natural language processing and other analytics to detect malicious domains before they can attack by spotting host names that are designed as camouflage. Called NLPRank, it spots DNS requests for sites that have names similar to legitimate sites, but with IP addresses that are outside the expected address blocks and other related data that hints at sketchiness.
 
The practice of using look-alike domain names as part of an effort to fool victims into visiting websites or approving downloads is a well-worn approach in computer crime. But recent crafted attacks via "phishing" links in e-mails and social media have gone past the well-worn "typo-squatting" approach by using domain names that appear close to those of trusted sites, registered just in time for attacks to fly under reputation-scoring security tools to make blacklisting them harder. Fake domain names such as update-java.net and adobe-update.net, for example, were used in the recently discovered "Carbanak" attacks on banks that allowed criminals to gain access to financial institutions' networks starting in January 2013 and steal over $1 billion over the next two years.
 
Full Article
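The post above describes the idea behind NLPRank at a high level: flag DNS lookups whose names resemble a trusted brand but whose answers come from addresses that brand does not normally use. The following Python script is an added illustration of that detection logic and is not OpenDNS's NLPRank or any code from the article. Everything in it is constructed for the example: the brand list, the "expected" address blocks (RFC 5737 documentation ranges, not real provider space), the scoring weights, and the DNS log lines it scans.

```python
"""
Added example, not OpenDNS code: a toy look-alike-domain detector in the spirit
of the NLPRank description. A query name earns points for resembling a protected
brand, for resolving outside that brand's expected address blocks, and for
carrying a generic lure word such as "update" or "secure". All data below is
constructed for illustration.
"""
import ipaddress
import re

# Constructed: brands to protect and the blocks their real hosts are expected to
# answer from. RFC 5737 documentation ranges stand in for real provider space.
EXPECTED_BLOCKS = {
    "java": [ipaddress.ip_network("192.0.2.0/24")],
    "adobe": [ipaddress.ip_network("198.51.100.0/24")],
    "paypal": [ipaddress.ip_network("203.0.113.0/24")],
}
# Constructed: the brands' own registered names, which never score.
ALLOWLIST = {"java.com", "adobe.com", "paypal.com"}
# Constructed: words that commonly decorate lure domains.
GENERIC_TOKENS = {"update", "login", "secure", "account", "download", "verify"}


def levenshtein(a, b):
    """Plain edit distance; used to catch one-character look-alikes (paypa1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def tokens(name):
    """Split the second-level label on '-', '_' and '.'; the TLD is ignored."""
    labels = name.lower().rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return [t for t in re.split(r"[-_.]", sld) if t]


def brand_match(name):
    """Return (brand, reason) if a token is a brand or one edit away from one."""
    for tok in tokens(name):
        for brand in EXPECTED_BLOCKS:
            if tok == brand:
                return brand, f"contains brand token '{brand}'"
            if len(tok) >= 4 and levenshtein(tok, brand) == 1:
                return brand, f"'{tok}' is one edit from '{brand}'"
    return None


def score(name, ip):
    """Score one DNS answer; higher means more suspicious. Returns (score, why)."""
    if name.lower().rstrip(".") in ALLOWLIST:
        return 0, "allowlisted"
    match = brand_match(name)
    if match is None:
        return 0, "no brand resemblance"
    brand, reason = match
    addr = ipaddress.ip_address(ip)
    if any(addr in block for block in EXPECTED_BLOCKS[brand]):
        # Looks like the brand and answers from its own space: treat as benign.
        return 0, f"{reason}, but answered from expected block"
    points, reasons = 1, [reason]
    points += 2
    reasons.append("answer outside expected address block")
    if GENERIC_TOKENS & set(tokens(name)):
        points += 1
        reasons.append("generic lure token")
    return points, "; ".join(reasons)


# Constructed DNS resolver log: timestamp, query name, answer address.
LOG = """
2015-03-05T10:00:01Z java.com 192.0.2.10
2015-03-05T10:00:02Z update-java.net 203.0.113.77
2015-03-05T10:00:03Z adobe-update.net 10.9.8.7
2015-03-05T10:00:04Z secure-paypal.com 203.0.113.9
2015-03-05T10:00:05Z paypa1.com 10.0.0.5
2015-03-05T10:00:06Z example.org 10.1.2.3
"""


def scan(log, threshold=3):
    """Return (name, ip, score, why) for every line at or above the threshold."""
    findings = []
    for line in log.strip().splitlines():
        _ts, qname, ip = line.split()
        points, why = score(qname, ip)
        if points >= threshold:
            findings.append((qname, ip, points, why))
    return findings


if __name__ == "__main__":
    for qname, ip, points, why in scan(LOG):
        print(f"{points} {qname:20} {ip:15} {why}")
```

Running it flags update-java.net, adobe-update.net and paypa1.com, while secure-paypal.com is suppressed because its answer falls inside the block assigned to that brand. In a real deployment the expected blocks would come from the brand's observed resolution history rather than a hand-written table, and the threshold would be tuned against the resolver's own false-positive rate.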

1 reply

By Jeremy Kirk
 
A security system undergoing testing by a San Francisco-based company aims to speed up the detection of websites and domains used for cybercrime.
The technology is being developed by OpenDNS, which specializes in performing DNS (Domain Name System) lookups. The DNS translates domain names such as idg.com into an IP address that can be called into a browser.
 
OpenDNS offers a secure DNS service for ISPs and organizations that blocks requests from Web browsers to sites that may be associated with cybercrime or spoof a company like PayPal.
 
Full Article
