How 'One-Day Wonder' websites help disguise malware

A new study released Tuesday reveals that 71 percent of all Internet hostnames exist for less than 24 hours, while a high volume of those pose threats to everyday Web users. 

|
Blue Coat
Out of more than 660 million websites analyzed, 470 million or 71 percent were showed to exist for less than 24 hours. Twenty-two percent of those short-lived sites were found to pose threats to Internet users.

Websites come and go. But a majority of them exist for less than a day before disappearing. 

While most people think of the Internet as being made of domain names, such as tumblr.com, a lot of the Internet's day-to-day growth comes from hostnames, the term for certain areas within a site, such as politicsprose.tumblr.com or neil-gaiman.tumblr.com.

New research released Tuesday from Blue Coat Security Labs, a Web security company based in San Francisco, says that 71 percent of all Internet hostnames appear for less than 24 hours. Of the top 50 domains that create short-lived hostnames, 22 percent pose threats to Web users.

Analyzing more than 660 million unique hostnames over a 90-day period, 470 million existed for one day or less. Each day, a new "One-Day Wonder" appears for every 15 people on the planet, the report states. 

Many of these short-lived sites are created by Web giants such as Google, Amazon, and Yahoo or by popular blogging sites such as Blogspot, Tumblr, and Wordpress. 

The report highlights that creators of malware often hide their malicious code in short-lived websites, as sites that are new and unknown can more easily evade Web security measures.

"The people that get infected with bots are primarily home users," says Tim van der Horst, a senior threat researcher at Blue Coat who helped compile the report, "One-Day Wonders: How Malware Hides among the Internet's Short-Lived Websites." 

While the low-level threats present in such short-lived sites do not pose the same kind of threat as, say, Heartbleed, the Internet bug that exposed secure data from more than two-thirds of the Internet's servers, Blue Coat researchers urge Internet users to take preventive measures, especially since small threats, left untended over time, can build up to pose a larger threat. 

"This smaller stuff is more of the low-level background radiation," Mr. van der Horst says. "It's the little things that you need to take care of." 

Recently, mobile operating systems have proven to be fertile ground for hackers. A form of malware known as "ransomware" – so called because it locks up a computer or device and holds it ransom until the user pays a price – has long been known to infect computers, but has now been found to infect mobile devices as well. In the past month, roughly 900,000 Android phones have been targeted, according to Lookout, a mobile security firm in San Francisco. 

Earlier this month, news surfaced that a group of Russian hackers had collected more than a billion user names and passwords, sparking renewed awareness of the vigilance everyday users are advised to take when it comes to their online activities.

To ensure safety, Blue Coat researchers stress basic Web precautions, which often amounts to a "think before you click" mantra. 

That includes links that appear in your e-mail inbox from users you don't know, as well as links that appear in places such as Twitter and Facebook. 

"If you're searching for Halloween stuff and the link that Google is showing you is a '.ru' or a '.in' you might ask, 'well, why would there be Halloween stuff in Russia or India?" says Chris Larsen, a software architect with the Webpulse research team who also helped compile the report. 

Mr. Larsen adds that hackers, on the whole, are becoming increasingly sophisticated. 

"The bad guys are getting much more mature and dedicated in their field," he says. "From even 10 years ago, they're smarter. They know that if they do enough of it, they'll get a good return on their investment." 

Granted, a company such as Blue Coat has an interest in spreading awareness of online threats as it sells security technology that give businesses and individuals analysis of cybersecurity threats and attacks. 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to How 'One-Day Wonder' websites help disguise malware
Read this article in
https://www.csmonitor.com/Technology/Responsible-Tech/2014/0826/How-One-Day-Wonder-websites-help-disguise-malware
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe