Honeypots mailing list archives
Re: regarding malicious domains becoming inactive
From: Sushant Sinha <sushant () umich edu>
Date: Tue, 04 Nov 2008 11:28:27 -0500
Lists of malicious/advertising domains are maintained by a number of people. SURBL (surbl.org) maintains a list of URLs found in spam, and Google maintains a list of websites that may infect the end user (provided using the Safe Browsing API). Stopbadware also maintains such a list. So the only question is when these websites are active and when they are inactive. I do not see why this information is terribly important, as assuming that these websites are always up is safer.

-Sushant.

On Tue, 2008-11-04 at 12:05 +0530, Bhatnagar, Mayank wrote:
Hi,

Often we find while analyzing malware that malicious domains become inactive after some period of time. They may be active during the initial period of activity, with malware connecting to these domains when executed and the domains then sending malicious files, binaries, etc. But as soon as this information becomes known, or the behavior has been captured by IDS/IPS signatures blocking the domain, the domain itself becomes inactive.

What do you feel should be the responsibility of IDS/IPS solution providers? I feel keeping track of such domains (live or down) in an automated manner may be one possibility, keeping a signature for some time as a measure of protection another. Also, maintaining blacklists of these domains may be helpful.

How should one handle such cases? Any ideas?

Thanks & Regards,
Mayank