Abstract

Increasing Internet use is plagued by malicious activity; drive-by download attacks in particular have become a serious problem. As part of an exploit-as-a-service ecosystem for drive-by download attacks, malware download sites play a particularly important role in malicious attacks. This paper examines the lifetime of malware download sites in terms of their URLs and FQDNs. Using our Internet surveillance systems, we measured approximately 18,000 malware download URLs for half a year and found that malware download sites have longer lifetimes than exploit sites. We defined a malicious FQDN score and used it to analyze top-scoring FQDNs, time series, score distributions, and VirusTotal results. We also analyzed the relationships among FQDNs, malware, registrars, and name servers. Our analytical results are useful in deciding appropriate methods or periods for blacklisting malware download sites.
