Summary

  • Malicious traffic direction systems (TDSs) that steer visitors to phishing pages, malicious ads and online gambling sites are hard to detect because they route traffic through complex networks of starter, intermediate and landing domains, which also makes them hard to take down.
  • A new machine learning-driven detector combines topological analysis of these redirection networks with comprehensive threat intelligence to identify malicious TDSs.
  • The detector identifies malicious TDS infrastructure hosting different kinds of suspicious activity, including malvertising, phishing and gambling services, with 93% precision and a 0.4% false positive rate.
  • More than three-quarters of malicious TDS activity involves redirection chains of more than four hops, compared to just 10% of benign TDS activity.
  • Malicious TDS networks contain 126 URLs, compared to 80 for benign ones, and have more interconnected nodes, which makes them harder to deanonymize.
  • The report includes several examples of malicious domains used in these campaigns, such as 3adating[.]com and mobesti[.]com.
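
The topological features the summary mentions (chain length in hops, number of URLs per network, how interconnected the intermediate nodes are) can be computed from observed redirection chains alone. The script below is an added example, not code from the report or from the authors' detector: it builds a directed graph from constructed redirection chains (all domains are hypothetical and use the reserved `.example` TLD), splits it into connected networks, extracts those features, and applies a simple illustrative rule that flags a network when most of its chains exceed four hops and it has shared intermediate hubs. The rule and thresholds are an assumption for demonstration; the real detector is a machine learning model that also uses threat intelligence.

```python
from collections import defaultdict

# Constructed sample data (hypothetical domains, not from the report).
# Each chain lists the domains a visitor passes through, in order:
# starter -> intermediate(s) -> landing page.
SAMPLE_CHAINS = [
    # Benign-looking network: short chains, one shared link tracker.
    ["news-site.example", "link-tracker.example", "shop.example"],
    ["blog.example", "link-tracker.example", "shop.example"],
    # Suspicious network: long chains through a mesh of shared intermediates
    # ending on gambling, phishing and malvertising landing pages.
    ["free-movies.example", "r1.example", "r2.example", "r3.example", "r4.example", "bet-landing.example"],
    ["cracked-apps.example", "r2.example", "r1.example", "r4.example", "r3.example", "phish-landing.example"],
    ["free-movies.example", "r3.example", "r1.example", "r2.example", "r4.example", "ads-landing.example"],
]


def build_graph(chains):
    """Directed redirection graph: an edge u -> v for every consecutive hop."""
    nodes, succ, pred = set(), defaultdict(set), defaultdict(set)
    for chain in chains:
        nodes.update(chain)
        for u, v in zip(chain, chain[1:]):
            succ[u].add(v)
            pred[v].add(u)
    return nodes, succ, pred


def components(nodes, succ, pred):
    """Weakly connected components; each one is a candidate TDS network."""
    seen, comps = set(), []
    for start in nodes:
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n in comp:
                continue
            comp.add(n)
            stack.extend(succ[n] | pred[n])
        seen |= comp
        comps.append(comp)
    return comps


def network_features(chains, long_hop_threshold=4):
    """Per-network features echoing the report's observations, plus an illustrative flag."""
    nodes, succ, pred = build_graph(chains)
    feats = []
    for comp in components(nodes, succ, pred):
        comp_chains = [c for c in chains if c[0] in comp]
        hop_counts = [len(c) - 1 for c in comp_chains]
        long_share = sum(h > long_hop_threshold for h in hop_counts) / len(hop_counts)
        # "Interconnected" nodes: domains that fan in from, or fan out to, more
        # than one neighbour; a mesh of these is what hides the landing pages.
        hubs = sum(1 for n in comp if len(succ[n]) > 1 or len(pred[n]) > 1)
        feats.append({
            "landing_pages": sorted(n for n in comp if not succ[n]),
            "urls": len(comp),                 # domains here; URLs in the report
            "max_hops": max(hop_counts),
            "long_chain_share": long_share,
            "hub_nodes": hubs,
            # Illustrative rule (assumption): mostly long chains plus a hub mesh.
            "suspicious": long_share > 0.5 and hubs >= 2,
        })
    return feats


if __name__ == "__main__":
    for f in network_features(SAMPLE_CHAINS):
        print(f)
```

On the constructed input the benign network comes out with four nodes, two-hop chains and a single shared tracker, while the suspicious one has nine nodes, five-hop chains and five hub domains, so only the latter is flagged. With real data the starter domains would come from telemetry (DNS, proxy or crawler logs) and the flag would be replaced by the model's score.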

By Zhanhao Chen, Daiping Liu, Wanjin Li and Fan Fei
