Crime scene evidence of an infected site: Predicting malware by examining server software

Every day, OpenDNS discovers thousands of websites serving malicious content, by harnessing massive amounts of DNS data.

Besides what DNS level data can tell us, examining the type of server software cybercriminals use also helps increase the accuracy of our algorithms.

In this experiment, we collected 50,000 domain names that have been actively serving malware between March 6th and June 6th, and 50,000 popular domain names that we never saw involved in malicious activities.

In all the following charts, the inner ring represents malicious domain names, whereas the ...

BSides New Orleans 2013

I had the opportunity to present at BSides NOLA 2013 over Memorial Day weekend. The conference spanned three tracks and featured close to 20 talks covering current trends in security and Digital Forensics and Incident Response (DFIR).

I presented on the topic of “Discovering new malicious domains using DNS and big data, Case study: Fast Flux domains”, which also featured a demo of our Umbrella Security Graph tool. I discussed the algorithms and techniques we use at OpenDNS to discover large sets of new ...