“One day wonder” websites, which are online for only 24 hours, are used as attack sources and for command and control purposes.
According to research by Blue Coat, the majority of websites used for malicious attacks are alive for only 24 hours. Its analysis of more than 660 million unique hostnames requested by 75 million users over a 90-day period earlier this year found that 71 per cent of the hostnames (470 million) were “one day wonders,” while 22 per cent of the top 50 one day wonder domains were malicious.
The company claimed that one day wonders are particularly popular with cyber criminals because they are harder to thwart than static domains, and because generating a high volume of domains increases the chances that some percentage will be missed by security controls.
“While most one day wonders are essential to legitimate Internet practices and aren’t malicious, the sheer volume of them creates the perfect environment for malicious activity,” said Tim van der Horst, senior threat researcher for Blue Coat Systems.
“The rapid building up and tearing down of new and unknown sites destabilises many existing security controls. Understanding what these sites are and how they are used is a key to building a better security posture.”