Exploring the Ecosystem of Malicious Domain Registrations in the .eu TLD

Authors

  • Thomas Vissers
  • Jan Spooren
  • Pieter Agten
  • Dirk Jumpertz
  • Peter Janssen
  • Marc Van Wesemael
  • Frank Piessens
  • Wouter Joosen
  • Lieven Desmet
Abstract

Abstract. This study extensively scrutinizes 14 months of registration data to identify large-scale malicious campaigns present in the .eu TLD. We explore the ecosystem and modus operandi of elaborate cybercriminal entities that recurrently register large amounts of domains for one-shot, malicious use. Although these malicious domains are short-lived, by incorporating registrant information, we establish that at least 80.04% of them can be framed into 20 larger campaigns with varying duration and intensity. We further report on insights into the operational aspects of this business and observe, amongst other findings, that their processes are only partially automated. Finally, we apply a post-factum clustering process to validate the campaign identification process and to automate the ecosystem analysis of malicious registrations in a TLD zone.

Similar resources

Increasing DNS Security and Stability through a Control Plane for Top-level Domain

We present a control plane for operators of Top-level Domains (TLDs) in the Domain Name System (DNS), such as “.org” and “.nl”, that enables them to increase the security and stability of their TLD by taking on the role of a threat intelligence provider. Our control plane is a novel system that extends a TLD operator’s traditional services and detects potential threats in the TLD by continuousl...

Master Thesis as part of the major in Security & Privacy at the EIT Digital Master School SIDekICk SuspIcious DomaIn Classification

The Domain Name System (DNS) plays a central role in the Internet. It allows the translation of human-readable domain names to (alpha-) numeric IP addresses in a fast and reliable manner. However, domain names not only allow Internet users to access benign services on the Internet but are used by hackers and other criminals as well, for example to host phishing campaigns, to distribute malware,...

RAPTOR: Ransomware Attack PredicTOR

Ransomware, a type of malicious software that encrypts a victim’s files and only releases the cryptographic key once a ransom is paid, has emerged as a potentially devastating class of cybercrimes in the past few years. In this paper, we present RAPTOR, a promising line of defense against ransomware attacks. RAPTOR fingerprints attackers’ operations to forecast ransomware activity. More specifi...

The model of Entrepreneurial Ecosystem Formation in Iran for Social and Cultural Development in Industry Domain using Grounded Theory

Entrepreneurship ecosystem is a combination of cultural, economic, political and social elements within an area interacting with each other to entrepreneurial activity in an environment conducive. The present study aims to achieve a model for the formation of entrepreneurial ecosystem in Iran using Grounded Theory. The main basis of data collection in this theory is to conduct semi-structured i...

The Long "Taile" of Typosquatting Domain Names

Typosquatting is a speculative behavior that leverages Internet naming and governance practices to extract profit from users’ misspellings and typing errors. Simple and inexpensive domain registration motivates speculators to register domain names in bulk to profit from display advertisements, to redirect traffic to third party pages, to deploy phishing sites, or to serve malware. While previou...

Publication date: 2017