
Spotting and blacklisting malicious COVID-19-themed sites
2020-04-07 11:43

SpyCloud researchers have also discovered that existing community threat intelligence feeds such as Google Safe Browsing, OpenPhish or ThreatsHub flag only a small percentage of the domains as malicious.

After gathering a list of over 136,000 hostnames and fully qualified domain names with COVID-19 or coronavirus themes from a variety of open-source feeds, they "parsed, deduplicated, and enriched the data with HTTP, additional DNS analysis, and WHOIS data that was manually collected" and found that many of the domains have active web content, but some merely display "placeholder" content indicating they've been purchased and "parked" at the registrar.

"Domain scalping may account for some of these purchases; for example, someone might purchase domains related to COVID-19 cures or vaccines with the hope of eventually selling them to a pharmaceutical company."
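An added example, not SpyCloud's code, of the parse-and-deduplicate step the researchers describe: it reduces mixed feed entries (URLs, bare hosts, host:port) to canonical hostnames and keeps those matching a theme pattern. The pattern, the function names and the sample feed are assumptions made for illustration; the HTTP, DNS and WHOIS enrichment is not covered.

```python
import re
from urllib.parse import urlsplit

# Assumed theme pattern: the article only says "COVID-19 or coronavirus themes".
THEME = re.compile(r"c[o0]vid|c[o0]r[o0]na[-_]?v[i1]rus")
LABEL = re.compile(r"^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$")

def normalize(entry):
    """Reduce one feed line (URL, host or host:port) to a canonical hostname, or None."""
    entry = entry.strip().lower()
    if not entry or entry.startswith("#"):
        return None
    if "://" not in entry:
        entry = "//" + entry          # let urlsplit treat a bare host as a netloc
    try:
        host = urlsplit(entry).hostname or ""
        host = host.rstrip(".").encode("idna").decode("ascii")  # IDN -> punycode
    except ValueError:                # malformed URL or invalid IDN label
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return host

def themed_hosts(feed_lines):
    """Parse and deduplicate feed lines, keeping only theme-matching hostnames."""
    seen = {normalize(line) for line in feed_lines}
    return sorted(h for h in seen if h and THEME.search(h))

# Constructed sample feed (reserved .example / .test names), not data from the study.
SAMPLE_FEED = [
    "http://covid19-relief.example/login",
    "COVID19-Relief.example.",
    "https://covid19-relief.example:8443/",
    "corona-virus-map.test",
    "c0vid-testkit.example",
    "# comment line",
    "shop.example",
    "not a hostname",
    "",
]

if __name__ == "__main__":
    for host in themed_hosts(SAMPLE_FEED):
        print(host)
```

A keyword match only selects candidates for enrichment and review; as the article notes, many such domains are parked or otherwise not malicious.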

78.4% of the COVID-19-themed domains use HTTP, the rest HTTPS. GoDaddy, NameCheap, Google, Name.com, and Tucows are the most popular domain registrars used by registrants of COVID-19-themed sites.

Some domain registrars have pledged to step up their efforts to actively find and take down fraudulent sites and to prevent registrations with certain keywords.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/dEJn8FjMZzA/