Study of Blacklisted Malicious Domains from a Microsoft Windows End-user Perspective: Is It Safe Behind the Wall?
Peer reviewed, Journal article
Accepted version
Permanent link
https://hdl.handle.net/11250/2733490
Publication date
2020
Abstract
The Internet is a dangerous place, filled with different cyber threats, including malware. To withstand this, blacklists have been utilized for a long time to block known infection and delivery sources. However, by blacklisting the domain names we are leaving a landscape of threats unknown and forgotten. In this paper, we first investigate the current state of the art in cyber threats available on such blacklists. Then, we study the corresponding malicious actors and reveal that they have persistently appeared since 2006. By shedding light on this part of the cyber threat landscape, we aim to increase the information security perception of the landscape from the perspective of the average end-user. Moreover, it is clear that blacklisting domains should not be a one-way function and needs to be regularly re-evaluated. Moreover, blacklisting might not be enforced by client applications, in addition to outdated system software, leaving real danger. For practical evaluation, we created a multi-focused experimental setup employing different MS Windows OS and browser versions. This allowed us to perform a thorough analysis of blacklisted domains from the perspective of the published information, content retrieved and possible malware distribution campaigns. We believe that this paper serves as a stepping stone in a re-evaluation of the once found and then blacklisted domains from the perspective of minimal security protection of a general user, who might not be equipped with a blacklisting mechanism.