Blue Coat Reveals Security Risks Posed by "One-Day Wonders" Websites
October 22, September 1, 2014 - Blue Coat, a leading business support technology vendor, announced today that 71% of website host names appear for only 24 hours. Although the vast majority of these host names, dubbed "One-Day Wonders", play an important role in sharing and delivering Internet content, they also provide cover for malicious activity, for example, communication with an infected system. Blue Coat Security Labs has released its latest report, "One-Day Wonders: How Malware Hides Among the Internet's Short-Lived Websites", which details the nature and activity of these short-lived websites and helps us better understand the potential security impact of websites that exist for less than 24 hours.
The largest generators of One-Day Wonders include major Internet companies such as Google, Amazon, and Yahoo, as well as web optimization companies that help accelerate content delivery. Blue Coat also found that one of the top 10 generators of One-Day Wonders is the most popular pornographic website.
22% of the top 50 parent domains that most frequently use One-Day Wonders are malicious. These domains use short-lived websites to drive attacks and manage botnets, and they exploit the "new and unknown" status of such websites to slip past security solutions. For example, One-Day Wonders can be used to build a dynamic command-and-control architecture that is scalable, difficult to attack, and easy to implement. They can also be used to create a unique subdomain for each spam message to avoid detection by spam or network filters.
Tim van der Horst, senior threat researcher at Blue Coat Systems, said: "Although most One-Day Wonders are critical to legitimate Internet activities and are not malicious, the large number of such websites has created a perfect environment for malicious activity. The rapid construction and disappearance of new and unknown websites has shaken many existing security controls. Understanding what these websites are and how they are used is critical to improving security."
One-Day Wonders are particularly popular among cyber criminals because they:
· Keep security solutions guessing: dynamic domain names are more difficult to block than static domain names.
· Overwhelm security solutions: generating a large number of domain names makes it more likely that a certain proportion of them will be missed by security controls.
· Hide from security solutions: by simply combining One-Day Wonders with encryption and running inbound malware and/or outbound data theft over SSL, attackers leave enterprises usually unable to see the attack, which affects their ability to prevent, detect, and respond.
As enterprises continue to defend against cyberattacks, they can draw valuable lessons from this research to further strengthen security, including:
· Security controls must be fed by automated, real-time intelligence that can identify these One-Day Wonders and assign them risk levels. Static or slow-moving defenses are insufficient to protect user and company data.
· Policy-based security controls must be able to block malicious attacks based on real-time intelligence.
Blue Coat researchers analyzed more than 0.66 billion unique host names accessed by 75 million global users over a 90-day period. They found that 71% of the host names, or 0.47 billion, were One-Day Wonders that appeared for only one day.
Report and infographic
The complete report, "One-Day Wonders: How Malware Hides Among the Internet's Short-Lived Websites", is available at: https://www.bluecoat.com/security-report-one-day-wonders