Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

Authors: Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez

DOI: 10.1145/3133956.3134002

Keywords: Network security, Computer science, Scrutiny, Trademark, Phishing, Internet privacy, Computer security, Social engineering (security), Security community, Domain Name System

Abstract: Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which domains combine a trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records, collected from passive and active data sources over almost six years. We find that 60% of abusive combosquatting domains live for 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used for a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, and advanced persistent threats. Our results suggest that combosquatting is a real problem that requires scrutiny by the security community.
