Cyber criminals use ‘One Day Wonders’ to evade security tools

Blue Coat recently analyzed 660 million unique hostnames over a 90-day period, and found that more than 70 percent of the domains existed for less than a day. Cyber criminals use these short-lived domains–dubbed “One Day Wonders” by Blue Coat researchers–to stay one step ahead of security tools designed to identify and block access to risky sites based on reputation. By always using brand new domains, there is never any accumulated reputation info from which to make a determination of risk.

I wrote about the Blue Coat report in a post on my Minimal Risk blog:

It might surprise you to learn that a very large percentage of websites have the lifespan of a typical mayfly—24 hours or less. Blue Coat dubbed such sites “One Day Wonders”, and has released a research study on the risks of these fly-by-night sites.

There are a select few Web domains that account for the vast majority of Web traffic—household names like Google, Amazon, and Netflix. There are probably fewer than 100—possibly even fewer than 25—that an average user visits with any regularity. The reality, though, is that there are hundreds of millions of domains in existence, and that many exist for very brief periods of time.

Blue Coat researchers were curious about these short-lived sites, so they analyzed more than 660 million unique hostnames, requested by 75 million users around the world over a 90-day period. What they found is that more than 70 percent of the requested hostnames were “One Day Wonders” that appeared and disappeared from the Internet within a single day.

Click here to read the full post on CSOOnline: Blue Coat reveals dangers of ‘One Day Wonders’.
