One-day websites providing cover for cybercrooks


By Dylan Bushell-Embling
Wednesday, 27 August, 2014


Many of the host names that make up the web at any given time are sites that appear for just a single day, and these ‘one-day wonders’ are providing the perfect cover for malicious web activity, a new report states.

Blue Coat Systems researchers analysed more than 660 million unique hostnames requested by 75 million web users worldwide over a 90-day period starting in March. They found that 71% of these sites appeared for only a single day.

The majority of these one-day sites were generated from legitimate sources such as Google, Amazon and Yahoo as part of the backbone for how the internet works.

But Blue Coat said its research showed that out of the top 50 parent domains that most frequently hosted one-day sites, 22% of the one-day wonders detected were malicious, engaged in activity including managing communication between botnet-infected systems.

Cybercriminals are able to take advantage of the short-lived nature of the sites to avoid detection by security systems.

For example, they can develop command-and-control servers designed to be difficult for malware scanners to track, or create a unique subdomain for each spam email to avoid detection by spam filters.

And the fact that so many one-day sites are legitimate allows malicious actors to “hide in plain sight”, the report states, with 71.88% of detected malicious sites utilising the .com TLD.

In its report, Blue Coat said the findings underscore the importance of using automated, real-time threat detection systems as well as policy-based security controls.
