Slashdot Mirror
The Words That Indicate Malicious Domain URLs
An anonymous reader writes: Researchers from AT&T have released research which improves the identification-rate of malicious URLs — such as those used for C&C servers or to distribute malware to redirected victims — by individuating words in the domain names. Though many of the words that Wei Wang and Kenneth Shirley were able to group as 'malign' are predictable, there is a strange recurrence of basketball-related words in the URL lexicon of malice, with 'bad' domains using names such as LeBron James, Kobe Bryant and Michael Jordan. By contrast 'golf' is least likely to be seen in a dangerous URL, along with state names, scenery and realty.
'nuff said.
Seriously, it seems they know how to entice the befuddled masses in to clicking on their garbage.
Nobody expects gold to be sinister, that's just misdirection.
The real evil is in the golf.
Lost at C:>. Found at C.
This kind of research is almost self-defeating.
When you put out there a list of words that help flag a domain as "bad", you're just signaling to the malware makers to avoid those words.
Then you can make a new list of words. And then they'll avoid those words.
Eventually, the malware domains will be essentially indistinguishable from the real domains.
That's lose-lose for everyone.
Unfortunately, keeping the list secret does no good either. If it's truly secret, then no one can use it to fight malware. If it's only "secret" as in "not widely published", then the malware makers will still find it and use it.
There is no right choice.
I cannot remember the last time I visited a legitimate website with a hyphen in the URL.
The paper is interesting, but I doubt it's very effective. An awful lot of the malicious URLs we seen in our filters are legitimate web sites that have been compromised and had malicious content inserted. We have thousands of malicious URLs containing "wp-content", just to give you an idea...
You know, if you weren't waiting to post these stupid comments on Slashdot, you'd have more time to fap.
Get free satoshi (Bitcoin) and Dogecoins
Now the perpetrators will start using golf terms.
Unless that's the thing that gets him/her going.
You're looking for quotes? See my journal.
"Words that indicate" leads the sheep among us to believe that all URLs citing the words presented shall be construed as malicious.
Fuck you.
Has anybody ever seen a non-malicious url that contains the word "goat" in it?
I do hope Bennett Haselton reviews this software someday. I only follow his recommendations.
sourceforge.net
cnet.com and download.com
softpedia.com
Silence is a state of mime.
The saddest are these: /pol/ was right again
I can't believe that's a word...
http://www.golf-massachussets-...
Perfectly legit sales!
Coincidence?
It only takes one hand to fap.
The first studies that showed "password" "0000" "1234" etc. were among the most-common passwords/PINs was published so long ago that I don't remember when it was.
Studies since then and even recent ones keep showing similar results.
PS: It's time for me to change my /. password. I'm trying to decide between passw0rd and 1248, any advice?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Instead of spending your days posting your stupid host file lectures on slashdot, why don't you find an audience that actually gives a fuck?
So you only enjoy one of your two penises? That's only half the fun!
Get free satoshi (Bitcoin) and Dogecoins
Stop spamming. You realise that if you had an account here, it would be banned, as you are no better than any of the other spammers that crop up. You didn't listen to Nietzsche and now the abyss is staring deep into you. You are now the problem you sought to alleviate. Happy?
Ladies and gentlemen, here we have APK pretending to be some kind-hearted supporter of himself, in a vain attempt to lend credence to his tenuous position. APK thinks so highly of this audience that he spams us and thinks we're retarded.
The real irony is his anti-advertising solution can't block his advertising. He's his own worst enemy, yet has no idea. Mental illness is a bitch.
Because thanks to this valuable research, all the "bad URL owners" will get different "bad" ones. I propose to go to soccer instead, with the FIFA serving as easy example why these are "bad".
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
not that many women visit golf sites, but they like big BB players with large shoes.
You can't tell people about this kind of research because then the malignant people change their words. The only benefit is in keeping it quiet.
not any more.
I don't know about Dave, but I can't do what APK does ... this is my trolling account, but I bow to the master.
My belly fat is so large I just giggle around a bit and it gets the job done. Look Ma, no hands!
For the best hosts file? APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...
FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. browser addons & locally installed DNS servers @ home + fixes DNS' redirect security issues - obtaining its data vs. online threats & adbanner blocking from 10 reputable sites in the security community!
* :)
By "yours truly" - "The Lord of Hosts" so-to-speak:
PERTINENT QUOTE/EXCERPT:
"The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power" from https://answers.yahoo.com/ques... & in myself, via hosts/custom hosts files use.
(Accept NO substitutes!)
MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...
&
It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...
+
In its 32-bit model also https://www.virustotal.com/en/...
APK
P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"
...apk
"Talos has discussed domain shadowing before at a high level. It’s a technique where threat actors use compromised registrant accounts to create large amounts of malicious subdomains. This is what Talos has found Nuclear using in this most recent campaign. It has been effectively rotating IP addresses, subdomains, and parent domains at a relatively quick rate." ref
TempestRose, lennier1, ScottCooperDotNet, Bill Dog, drinkypoo, Culture20, Rick17JJ, Ol Olsoc, icebraining, Trax3001BBS, fahrbot-bot, EdIII, bLanark, RocketRabbit, TheRealGrogan, Martin Blank, CAIMLAS. drakaan, Dynedain,Lime Green Bowler, Bob9113, wolrahnaes, raju1kabir, mrbcs, gweihir, frovingslosh, tepples, kimvette, Geeky, humanrev, maestroX, phrostie, ElectricTurtle, mattbee, VShael, AndGodSed, jafiwam, i.r.id10t, NeverVotedBush, falconwolf, BrokenHalo, orclevegam, cyberjock1980, gad_zuki!, furby076, jandrese, halcyon1234, Anonymous Admin, houghi, drooling-dog, dracocat, betterunixthanunix, someones, sqrt(2), cratermoon, bmo, fast turtle, Kris_J, SydShamino, Technician, pjkeyzer, srmalloy, schwit1, mrbcs, KingAlanI, ksemlerK, Scorch_, Mechanic, NealBScott, Anubis IV, crutchy, damn_registrars, couchslug, green1, wakeboarder, Gothmolly, lesincompetent, ls671, DigiShaman, P. Don, Yaa 101, qwertyatwork, dehole, Em Adespoton, CAOgdin, schwit1, MightyYar, RJFerret, idontgno, technosaurus, bemymonkey, wickerprints, noh8rz10, sexconker, sandbagger, NewWorldDan, Karmashock, aNonnyMouseCowered, Dracos, keith_nt4, networkzombie, jafiwam, JohnFen, SigmundFloyd, EETech1, duck_rifted, The MAZZTer, Anonymous Brave Guy, plasm4, holophrastic, Baki, StikyPad, kermidge, & myself...
There's ~125 /.'ers using hosts files: See subject!
(My program creates the most efficient complete hosts files in the easiest form - GUI, from 10 reputable sources in the security community)
* They're ones I crushed raymorris on here http://it.slashdot.org/comment... via their DIRECT quotes shown there!
Lastly: Downmodding the last time I posted this here http://tech.slashdot.org/comme... to "hide it"?
APK
P.S.=> See subject:You're outnumbered 125++:1 & DEMAND for my program (hosted & recommended by MalwareBytes' hpHosts no less) went up SO much they moved to AMAZON UnDDoS'able servers (hosts data demand + downloads of APK Hosts File Engine 9.0++ SR-2 32/64-bit) apk
See subject & when you ran vs. myself on hosts, you troll http://yro.slashdot.org/commen...
* Still angry you're too stupid to combat facts I use?
(Yes, obviously... lol!)
APK
P.S.=> Dave420, listen: You being a "ne'er-do-well" troll on forums harassing me & yet ALWAYS GETTING BEATEN DOWN by me is no way to live, lol!
FACT:
Based on the link above & your inability to prove my points in it wrong?
Hey - as your constant losses to me only make ME LOOK GOOD, & your lame troll ass by comparison? LMAO, well - "not so good"... apk
What he preached (block apk posts by browser addon) but dave420 stalks apk with off topic trolling instead.
Dave420 bows to apk n agreed w\ him on hosts http://yro.slashdot.org/commen...
There's a new Command and Conquer coming out? Hmm, or am I being scammed?
Why do you stalk\harass apk? Your post history's evidence. No denying it. Anyone can verify it as I have. Are you so obsessed with him doing better than you have in computing that you feel compelled to stalk and harass him constantly like a psycho you're showing us you are by doing it? He's challenged you to do better. It's evident you can't. You can't even prove his lists of points favoring hosts files wrong, agreeing with him he is correct on them from recent replies of yours in exchanges with apk you've had. What's your problem? Jealousy?
Why do you stalk\harass apk? Your post history's evidence. No denying it. Anyone can verify it. Are you so obsessed with him doing better than you have in computing that you feel compelled to stalk and harass him constantly like a psycho you're showing us you are by doing it? He's challenged you to do better. It's evident you can't. You can't even prove his lists of points favoring hosts files wrong, agreeing with him he is correct on them from recent replies of yours in exchanges with apk you've had. What's your problem? Jealousy?
"I just reply to you when I see you spamming Slashdot with your nonsense"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
Why'd you agree w/ my points on hosts then? Quoting you here:
"I'm not denying all those things" - by dave420 (699308) on Wednesday September 17, 2014 @11:39AM (#47927435) FROM -> http://yro.slashdot.org/commen...
Of course you're not: It's impossible to dispute FACT on HOSTS FILES superiority to other methods!
Since my points of fact in favor of hosts SINGLE FILE native kernelmode faster part show hosts doing more, with less, vs. so-called 'competitors' many part messagepassing + other overheads laden slower usermode FAR MORE COMPLEX 'solutions' doing less than hosts do for more security, speed, reliability, + anonymity online!
I make creating a superior more efficient solution EASIER!
(Which is more than a mere trolling stalking harassing "ne'er-do-well" like yourself could *EVER* manage).
---
"I'm simply pointing out that it takes an AdBlocker to block your spamming"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
Then WHY DON'T YOU DO THAT & use 'em? Answer that!
(You stalk/harass me instead!)
I bother you? Use them!
OBVIOUSLY, you don't & you're just a "ne'er-do-well" troll, OR you have "other motivations" (see next):
---
* QUESTION:
DO YOU WORK FOR AN ADVERTISING FIRM, or ARE YOU A WEBMASTER/WEBCODER http://slashdot.org/comments.p... , or ARE YOU A MALWARE MAKER, or ARE YOU AFFILIATED WITH 1 OF MY COMPETITORS?
Answer that!
No, instead as per your usual, you'll avoid every question, or lie!
(You must be involved with 1 of those above, especially since you can't EVER "get the best of me" & you know it, witness the above - & their "so-called 'solutions' are INFERIOR TO MINE on TONS of levels, OR YOU'D USE THEM, merely evidencing their stupidity in & of itself via inferior designwork!)
APK
P.S.=> SEE Dave420 SQUIRM - evasions galore from him will ensue, guaranteed... apk