Download Now Free registration required
This paper studies the dynamics of scam hosting infrastructure, with an emphasis on the role of fast-flux service networks. By monitoring changes in DNS records of over 350 distinct spam-advertised domains collected from URLs in 115,000 spam emails received at a large spam sinkhole, the authors measure the rates and locations of remapping DNS records, and the rates at which "Fresh" IP addresses are used. They find that, unlike the short-lived nature of the scams themselves, the infrastructure that hosts these scams has relatively persistent features that may ultimately assist detection.
- Format: PDF
- Size: 401.9 KB