New malign mechanism has damaged URL filtering

January 07, 2017

New malign mechanism has damaged URL filtering Another malware has been designed to avoid URL filtering by replacing unfavorable domain names with unknow ones. From there, the old URL filtering methods which have been utilized to prevent traffic income from black-listed malevolent domains have lost their efficiency and required modification.

The malignant system called “Ghost Host” has been discovered by Cyren’s security researches. According to their testimony, it has been created to escape from host and domain banned list by exchanging restricted names with random harmless unity. The malware uses ghost hosts in HTTP headers connecting to various destinations hosted on different IPs. From this perspective, network security systems responsible for HTTP headers inspecting do not detect the masked connection to malignant content and permit traffic exchange. The spiteful IP noted as a final destination point is the same which is utilized for building the link in the first phase but this fact is hidden by a ghost host usage.

On top of that, HTTP requests can be manipulated by malware designers to deceive URL filtering system. Employing an HTTP client which is linked to one malevolent address, they transmit HTTP requests heading with customized info.

From this perspective, internet users need to undertake some protective measures to detest new malware and not to be tricked. That’s why they need to use a VPN service which recognizes infected content and fences its customers in malicious traffic.

Write comment