The Words That Indicate Malicious Domain URLs
An anonymous reader writes: Researchers from AT&T have released research which improves the identification-rate of malicious URLs — such as those used for C&C servers or to distribute malware to redirected victims — by individuating words in the domain names. Though many of the words that Wei Wang and Kenneth Shirley were able to group as 'malign' are predictable, there is a strange recurrence of basketball-related words in the URL lexicon of malice, with 'bad' domains using names such as LeBron James, Kobe Bryant and Michael Jordan. By contrast 'golf' is least likely to be seen in a dangerous URL, along with state names, scenery and realty.
I cannot remember the last time I visited a legitimate website with a hyphen in the URL.
The paper is interesting, but I doubt it's very effective. An awful lot of the malicious URLs we see in our filters are legitimate web sites that have been compromised and had malicious content inserted. We have thousands of malicious URLs containing "wp-content", just to give you an idea...