Boffins predict web scams with domain registration data

A group of American boffins is loosing artificial intelligence on web scams, demonstrating that analysis of domains at the time of registration can provide an early warning of those that will later be home to spammers and scammers. The idea is to tag the kinds of behaviour at registration time that hint someone is preparing …

  1. Number6

    We need something similar to the RBL lookups used for IP addresses. Something that would tell you how long a domain has been registered, even if it's just <30, <60, <90, <180, <365 or older, so that when my scanner looks through an email, it can quickly and easily do a lookup and score shiny new domains accordingly. Doing a whois on all domains and parsing for the creation date is not trivial and probably violates the terms of service of the whois providers, given the volume of lookups.

  2. Mark 85

    Can we get the list...daily or maybe weekly?

    It would make the HOSTS file rather large, rather quickly I fear.

    1. Anonymous Coward

      Re: Can we get the list...daily or maybe weekly?

      That's something I've never thought to benchmark. Some 30,000,000 hosts added over a year, less the negatives would be what? How long does a dual Xeon x5550 take, i.e. what's the latency? Hmmm....

  3. Destroy All Monsters Silver badge
    Trollface

    Yup!

    The idea is to tag the kids of behaviour at registration time

    You never know with millennials...

  4. richardcox13

    Stats Error!

    > […]and they claim a false positive rate of just 0.35 per cent.

    > (Since they write that 80,000 domains are registered each day, that's still around 250 sites a day unfairly tagged as evil, so PREDATOR still needs some refinement on that score).

    The false positive rate is the proportion of sites tagged as fraudulent that shouldn't be. Not the proportion of all registrations. So it will be fewer than 250 falsely tagged sites. The paper does not seem (on a quick scan through) to suggest what proportion of registrations are fraudulent, but that 0.35% should be applied to that number not the total number of registrations.

    1. J__M__M

      Re: Stats Error!

      And 100% of those false positives deserve it. Why? Because they picked a shitty domain name.

  5. Mage Silver badge

    AI?

    It sounds nearly doable with a regex based script ...

    1. Anonymous Coward

      Re: AI?

      > It sounds nearly doable with a regex based script

      Be posting that prototype on your Github soon?

  6. John Smith 19 Gold badge
    Unhappy

    Got to wonder if the registrars check if the return IP addresses are fake

    I'm guessing the 10 popular ones don't.

    Or implement any other kind of cursory check to see if the outfit doing the registering is remotely legitimate.

    1. thomn8r

      Re: Got to wonder if the registrars check if the return IP addresses are fake

      >Or implement any other kind of cursory check to see if the outfit doing the registering is remotely legitimate.

      Did the check clear? It's legitimate.

      Next!

    2. Anonymous Coward

      Re: Got to wonder if the registrars check if the return IP addresses are fake

      Excuse me, but what "return IP addresses" are you talking about?

      A large number of domain registrations simply do not exist in DNS. Others never get any A / AAAA records.

      Could you please explain?

  7. Stevie

    Bah!

    "No-one who looks like a ventriloquist will be admitted"

    Flann O'Brien

    The Best of Myles

  8. Allan George Dyer
    Paris Hilton

    "Scammers also watch out for registrars bulk discounts"

    Am I just being terminally dim? Who has a legitimate need for bulk registration of domains?

    1. Number6

      Depending on what sort of hosting service you are, you might be able to aggregate a bunch of new customers into such a thing, where you charge them the 'standard' rate for their individual domains but make a profit because you're being charged the discount rate.

    2. Anonymous Coward

      > Who has a legitimate need for bulk registration of domains?

      Resellers.
