[dns-operations] Bluecoat report on newer TLDs heavily used for botnet C&C, phishing, and spamming.
m3047 at m3047.net
Mon Sep 7 19:24:09 UTC 2015
To operationalize this...
On Monday 07 September 2015 05:52, Stephane Bortzmeyer wrote:
> On Thu, Sep 03, 2015 at 03:49:28PM -0300,
> Rubens Kuhl <rubensk at nic.br> wrote
> a message of 13 lines which said:
> > >
> > Not that useful, considering they made a gross mistake like not
> > differentiating .zip URIs from .zip domain names.
> I thought you were trolling but no, they are indeed stupid enough to
> do that:
For those of you who may have missed the recent whistling past the
graveyard^H^H^H^H^H^H^H^H errmmm... Windows trusting file shares issues or
have never seen
I believe that they may be alluding to e.g. client-side software which is
faced with the question:
"Ok, this is a reference. I'm supposed to fetch it. What kind of reference is
and that they're seeing the FOD of attempts to find e.g. my-presentation.zip
which were meant to refer to a file of the same name, present or otherwise.
If this is the case, then other TLDs which collide with file extensions could
see the same traffic.
"Shady" is a bit of a head scratcher, although if there are (malware) DGA
algorithms which are already generating domains under a TLD which has almost
none, then seeing those on your own network would also be useful counter
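
Added example, not part of the original message: one way to look for the effect described above in your own resolver logs, by sorting query names under file-extension TLDs into ones that can only be file names and ones that could be either. The TLD set, the search suffix, the four-field log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumptions (not from the post): TLDs that double as file extensions, and
# the search suffixes a stub resolver on this network may append.
COLLIDING_TLDS = {"zip", "mov"}
SEARCH_SUFFIXES = ("corp.example.com",)
LDH_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def classify(qname):
    """Return 'filename-like', 'ambiguous' or 'other' for one query name."""
    name = qname.rstrip(".").lower()
    # Undo search-list expansion: report.zip.corp.example.com -> report.zip
    for suffix in SEARCH_SUFFIXES:
        if name.endswith("." + suffix):
            name = name[: -len(suffix) - 1]
            break
    labels = name.split(".")
    if len(labels) < 2 or labels[-1] not in COLLIDING_TLDS:
        return "other"
    # Underscores, parentheses etc. are legal in file names but not in
    # host names, so a non-LDH label points at a file reference.
    if any(not LDH_LABEL.match(label) for label in labels[:-1]):
        return "filename-like"
    # A clean name such as my-presentation.zip could be either.
    return "ambiguous"


def summarize(log_lines):
    """Count non-'other' verdicts per client from 'ts client qname qtype'."""
    counts = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        verdict = classify(fields[2])
        if verdict != "other":
            counts[(fields[1], verdict)] += 1
    return counts

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2015-09-07T19:00:01Z 10.0.0.5 my_presentation.zip. A",
    "2015-09-07T19:00:01Z 10.0.0.5 my_presentation.zip.corp.example.com. A",
    "2015-09-07T19:00:09Z 10.0.0.7 my-presentation.zip. A",
    "2015-09-07T19:00:12Z 10.0.0.7 www.example.com. A",
    "2015-09-07T19:00:15Z 10.0.0.9 holiday(1).mov. AAAA",
]
```

Names that land in the "ambiguous" bucket cannot be separated from real registrations by syntax alone, so they need a second signal such as the referring application or whether the name resolves.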