It’s no secret that there are a lot of websites on the internet hosting malicious content whether they be phishing pages, scams or malware itself.

Every day we hear of new attacks, there’s a common denominator of either a user having clicked on a link to a fraudulent website or a site having played host to code that pulled a malicious payload down from a third-party server.

Security products generally do a decent job of watching over the shoulder of your users, blocking access to sites that are known to be malicious and examining content as it is served up to a browser in an attempt to determine if it could be up to no good. But security researchers at Palo Alto Networks propose that there might be an additional simple step your company might like to take to better defend your users against threats: aggressively block all domains less than one month old.

As a piece of advice, blocking newly-registered domains (NRDs) certainly makes some sense. One of the major differences between fraudulent and legitimate sites is that sites specifically created with the purpose of committing a cybercrime tend to be much younger. And by their very nature, once they are recognized as malicious, they are often shut down or abandoned soon after their birth.

Most of the sites that your users have a legitimate reason to visit will be established sites that have existed for longer than one month. There should be relatively few instances where their browser has a legitimate business reason to reach a website hosted on a domain that has only just been registered.

As the researchers describe, NRDs are often used for a variety of murky activities including but not limited to malware distribution, typosquatting, phishing, adware, spam and as part of command (Read more...)