Can flagging new domain names help stop the spread of malware?
We all get emails with links that go to phishing and malware sites. There’s one thing in common with most of the domains hosting this bad stuff: they were registered a short time ago.
In fact, many malware networks are programmed to frequently register new domain names to keep one step ahead of blacklists*.
Boeing (NYSE:BA), a company that is certainly a target for malware attacks, has come up with a creative solution to weed out these potentially harmful links without relying on out-of-date URL blacklists.
In a patent application (pdf) filed last year and published by the U.S. Patent and Trademark Office today, the company outlines a way to flag links in emails from what it calls “newborn” domains.
Basically, a service will ping whois to check the registration date of any domain names linked to within an email. If they are within a set timeframe, the email server could remediate risk by disabling the link, providing a warning to the recipient, or not delivering the email.
It’s an amazingly simple idea that I hope is put into commercial use.
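A sketch of the check described above, as an added example rather than code from the patent application or from Boeing. The 30-day threshold, the mapping of results to actions, the two-label domain shortcut, and the `creation_date_of` lookup (a dict standing in for a live WHOIS query) are all assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def registrable(host):
    # Simplification: keep the last two labels. Real code needs the Public Suffix List.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def linked_domains(raw_email):
    """Collect the registrable domain of every http(s) link in the text parts."""
    domains = set()
    for part in message_from_string(raw_email).walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            domains.update(registrable(h) for h in URL_HOST.findall(body))
    return domains

def triage(raw_email, creation_date_of, now, newborn_days=30):
    """Return (action, {domain: reason}); newborn_days is an assumed threshold."""
    flagged, newborn = {}, False
    for domain in sorted(linked_domains(raw_email)):
        created = creation_date_of(domain)
        if created is None:  # lookup failed or the registry hides the date
            flagged[domain] = "no creation date on record"
        elif now - created < timedelta(days=newborn_days):
            flagged[domain] = f"registered {(now - created).days} days ago"
            newborn = True
    if newborn:
        return "disable_links", flagged
    return ("warn" if flagged else "deliver"), flagged

# Constructed sample data: stand-in for WHOIS answers and an inbound message.
NOW = datetime(2014, 1, 15, tzinfo=timezone.utc)
WHOIS = {
    "newborn-example.test": datetime(2014, 1, 12, tzinfo=timezone.utc),
    "old-example.test": datetime(2005, 6, 1, tzinfo=timezone.utc),
}
SAMPLE = "\n".join([
    "From: billing@old-example.test",
    "Subject: Invoice",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "Pay at http://login.newborn-example.test/reset or see",
    "https://www.old-example.test/help and http://unknown-example.test/x",
])

if __name__ == "__main__":
    print(triage(SAMPLE, WHOIS.get, NOW))
```

A domain with no creation date on record gets a warning instead of silent delivery, because a lookup that fails would otherwise let a newborn domain through unflagged.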
* On the same day Boeing filed its patent application, Cisco filed one (pdf) for detecting domain names registered as part of these systems.