Seifert, Christian, Delwadia, V., Komisarczuk, Peter, Stirling, D. and Welch, Ian (2009) Measurement study on malicious web servers in the .nz domain. In: Information Security and Privacy: 14th Australasian Conference, ACISP 2009 Brisbane, Australia, July 1-3, 2009 Proceedings. Lecture Notes in Computer Science, 5594 . Springer, Heidelberg, Germany, pp. 8-25. ISBN 9783642026195Full text not available from this repository.
Client-side attacks have become an increasing problem on the Internet today. Malicious web pages launch so-called drive-by-download attacks that are capable to gain complete control of a user’s machine by merely having that user visit a malicious web page. Criminals that are behind the majority of these malicious web pages are highly sensitive to location, language and economic trends to increase their return on investment. In this paper, a comprehensive measurement study of malicious web servers on the .nz domain is presented. The risk of drive-by-download attacks has been compared with other domains showing no elevated risk for the .nz domain. However, a comprehensive assessment of the .nz domain showed the existence of malicious web pages across a variety of types of web pages. Blacklisting services showed limited success to protect against such malicious web pages. This is primarily attributed to the highly dynamic nature of malicious web pages. Over a period of eight months, the .nz domain was monitored and continuous shifting of malicious behavior of web pages has been observed. The rates observed show that on average 50% of malicious URLs identified change monthly. The rates pose a challenge to blacklisting services as well as a risk to end users with rapid dissemination of zero-day attacks. Frequent scans of the web are required to obtain a good up-to-date view of the threat landscape.
|Item Type:||Book Section|
|Depositing User:||Vani Aul|
|Date Deposited:||21 Mar 2014 16:12|
|Last Modified:||14 Mar 2017 16:26|
Actions (login required)