How 'One-Day Wonder' websites help disguise malware

A new study released Tuesday reveals that 71 percent of all Internet hostnames exist for less than 24 hours, while a high volume of those pose threats to everyday Web users. 

Websites come and go. But a majority of them exist for less than a day before disappearing. 

While most people think of the Internet as being made of domain names, such as tumblr.com, a lot of the Internet's day-to-day growth comes from hostnames, the term for certain areas within a site, such as politicsprose.tumblr.com or neil-gaiman.tumblr.com.

New research released Tuesday from Blue Coat Security Labs, a Web security company based in San Francisco, says that 71 percent of all Internet hostnames appear for less than 24 hours. Of the top 50 domains that create short-lived hostnames, 22 percent pose threats to Web users.

Analyzing more than 660 million unique hostnames over a 90-day period, 470 million existed for one day or less. Each day, a new "One-Day Wonder" appears for every 15 people on the planet, the report states. 

Many of these short-lived sites are created by Web giants such as Google, Amazon, and Yahoo or by popular blogging sites such as Blogspot, Tumblr, and Wordpress. 

The report highlights that creators of malware often hide their malicious code in short-lived websites, as sites that are new and unknown can more easily evade Web security measures.

"The people that get infected with bots are primarily home users," says Tim van der Horst, a senior threat researcher at Blue Coat who helped compile the report, "One-Day Wonders: How Malware Hides among the Internet's Short-Lived Websites." 

While the low-level threats present in such short-lived sites do not pose the same kind of threat as, say, Heartbleed, the Internet bug that exposed secure data from more than two-thirds of the Internet's servers, Blue Coat researchers urge Internet users to take preventive measures, especially since small threats, left untended over time, can build up to pose a larger threat. 

"This smaller stuff is more of the low-level background radiation," Mr. van der Horst says. "It's the little things that you need to take care of." 

Recently, mobile operating systems have proven to be fertile ground for hackers. A form of malware known as "ransomware" – so called because it locks up a computer or device and holds it ransom until the user pays a price – has long been known to infect computers, but has now been found to infect mobile devices as well. In the past month, roughly 900,000 Android phones have been targeted, according to Lookout, a mobile security firm in San Francisco. 

Earlier this month, news surfaced that a group of Russian hackers had collected more than a billion user names and passwords, sparking renewed awareness of the vigilance everyday users are advised to take when it comes to their online activities.

To ensure safety, Blue Coat researchers stress basic Web precautions, which often amounts to a "think before you click" mantra. 

That includes links that appear in your e-mail inbox from users you don't know, as well as links that appear in places such as Twitter and Facebook. 

"If you're searching for Halloween stuff and the link that Google is showing you is a '.ru' or a '.in' you might ask, 'well, why would there be Halloween stuff in Russia or India?" says Chris Larsen, a software architect with the Webpulse research team who also helped compile the report. 

Mr. Larsen adds that hackers, on the whole, are becoming increasingly sophisticated. 

"The bad guys are getting much more mature and dedicated in their field," he says. "From even 10 years ago, they're smarter. They know that if they do enough of it, they'll get a good return on their investment." 

Granted, a company such as Blue Coat has an interest in spreading awareness of online threats as it sells security technology that give businesses and individuals analysis of cybersecurity threats and attacks.