Machine Learning in Security Part 1: Language Model Detection in Domains

At OpenDNS our resolvers are flooded with massive amounts of Chinese domains on a daily basis, many of which security researchers are unfamiliar with. One of the projects our team was initially tasked with was to come up with a method to filter these Chinese domains out from the rest of the traffic in order to reduce the false positive rate for our classifier algorithms and to potentially detect IPs exhibiting spamming or search engine optimization (SEO) behavior. Pinyin ...

Identifying the Behavioral Patterns of a Spam Network

In 2013, email spam accounted for approximately 69% of all internet email traffic [Kaspersky]. Economists predict email spam costs American businesses and consumers approximately $20 billion annually, with spammers making a return of approximately $200 million per year [Rao, Reiley]. Rao and Reiley also note that spam provides nefarious individuals with one of the cheapest returns on investment as the production of spam is incredibly cheap.

Today’s blog post investigates a spam network and identifies behavioral patterns that could be useful for further ...

Hardening Your Infrastructure to Mitigate Leaks of Sensitive Data

Using encryption, choosing strong passwords, and properly generating secret keys are often perceived as all it takes to ensure that sensitive data remains confidential.

However, the operating system can still be leaking this data. In this blog post, we are going to review some common sources of leaks that are frequently overlooked, even by security professionals.

In-memory data

Although there is currently a lot of research to mitigate this, sensitive data typically has to be stored unencrypted in memory in order to be ...

Gameover Zeus Registration Deep Dive

The Data

As described in previous blog posts by our very own Dhia, the Gameover Zeus malware has had two known variants, commonly referred to as oldGOZ and newGOZ. Both versions use a time-seeded algorithm to dynamically generate domains to contact for instructions. In this post, we dig deeper into newGOZ’s domain registration history and query volumes to identify patterns.

Through query co-occurrence and the predictability of the malware’s DGA we were able to collect a sample data set of domains ...

How OpenDNS Labs Sees the BASH Vulnerability

There have been many blog posts, tweets, and even a few webinars already scheduled to talk about the massive patch-forcing BASH vulnerability – more commonly known as “Shellshock”. OpenDNS Security Labs thought long and hard about how we would respond and decided that, in the best interest of the security community, we wouldn’t simply rehash what everyone else was saying. Instead, we decided to look at the queries made on our global infrastructure to see what observations could be made.

For ...