Sometimes when I read about a new cybercrime technique, I can’t help but wish these guys would use their smarts for good rather than evil. And why can’t the good guys think of these tricks first to thwart the bad guys?
That was the thought I had when I saw Blue Coat’s findings on the use of one-day websites to spread malware.
According to the research, a whopping 71 percent of Web host names, approximately 470 million out of 660 million unique names, are only meant to last for 24 hours. This is by design. As Blue Coat pointed out, these short-term sites are the backbone of the Internet:
The largest generators of One-Day Wonders include organizations that have a substantial Internet presence, such as Google, Amazon and Yahoo, as well as Web optimization companies that help accelerate the delivery of content. Blue Coat also found that in one case, one of the top ten most prolific creators of One-Day Wonders is the most popular pornography website on the Internet.
Of the top 50 parent domains that most frequently used One-Day Wonders, 22 percent were malicious. These domains use short-lived sites to facilitate attacks and manage botnets, taking advantage of the site being “new and unknown” to evade security solutions.
From a cybercriminal point of view, it’s a brilliant move. Load a website with malware, infect a ton of visitors, and then disappear. It also wreaks havoc on security systems. Either the malicious sites are easy to hide or they overload security solutions.
The only good thing about these malicious one-day websites is that they are low-level threats. But they are still a threat and have to be handled properly. As the Christian Science Monitor explained:
While the low-level threats present in such short-lived sites do not pose the same kind of threat as, say, Heartbleed, the Internet bug that exposed secure data from more than two-thirds of the Internet's servers, Blue Coat researchers urge Internet users to take preventive measures, especially since small threats, left untended over time, can build up to pose a larger threat.
You may stumble across these websites by mistake, as a typo when looking for a specific website, or by accidentally clicking on a malicious spoof site of, say, nude celebrity pictures. They are often used in phishing emails. Blue Coat has these specific recommendations to better protect yourself from these one-hit wonders:
Security controls must be informed by automated, real-time intelligence that can identify and assign risk levels to these One-Day Wonders. Static or slow-moving defenses do not suffice to protect users and corporate data. And policy-based security controls must be able to act on real-time intelligence to block malicious attacks.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba