METHOD AND SYSTEM FOR DETECTING MALICIOUS AND/OR BOTNET-RELATED DOMAIN NAMES
Abstract
A method and system of detecting a malicious and/or botnet-related domain name, comprising: reviewing a domain name used in Domain Name System (DNS) traffic in a network; searching for information about the domain name, the information related to: information about the domain name in a domain name white list and/or a domain name suspicious list; and information about the domain name using an Internet search engine, wherein the Internet search engine determines if there are no search results or search results with a link to at least one malware analysis site; and designating the domain name as malicious and/or botnet-related based on the information.
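The checks named in the abstract can be sketched as follows. This is an added example, not code from the patent: the list contents, the search stub and the order in which the checks are combined are all assumptions, and every domain shown is constructed.

```python
from urllib.parse import urlsplit

# All names and values below are constructed for illustration.
WHITELIST = {"example.com"}
SUSPICIOUS = {"bad-updates.example"}
ANALYSIS_SITES = {"sandbox.example"}  # stand-in for malware analysis sites

def normalize(qname):
    """Lower-case a DNS query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def in_list(domain, entries):
    """True if domain equals an entry or is a subdomain of one (label boundary)."""
    return any(domain == e or domain.endswith("." + e) for e in entries)

def links_to_analysis_site(result_urls):
    """True if any search-result link points at a listed analysis site."""
    for url in result_urls:
        host = (urlsplit(url).hostname or "").lower()
        if in_list(host, ANALYSIS_SITES):
            return True
    return False

def designate(qname, search):
    """Return (verdict, reason). `search` is a caller-supplied callable giving
    result URLs for a domain; the decision order here is an assumption."""
    domain = normalize(qname)
    if in_list(domain, WHITELIST):
        return "benign", "white list"
    if in_list(domain, SUSPICIOUS):
        return "malicious", "suspicious list"
    results = search(domain)
    if not results:
        return "malicious", "no search results"
    if links_to_analysis_site(results):
        return "malicious", "result links to malware analysis site"
    return "undetermined", "search results look ordinary"

# Constructed index standing in for an Internet search engine.
FAKE_INDEX = {
    "dropper-cdn.example": ["https://sandbox.example/report/1"],
    "news.example.org": ["https://news.example.org/"],
}

def review(qnames, search=lambda d: FAKE_INDEX.get(d, [])):
    """Review query names seen in DNS traffic, one verdict per unique domain."""
    return {normalize(q): designate(q, search) for q in qnames}
```

Matching on label boundaries keeps a name such as `notexample.com` from inheriting the white-list entry for `example.com`.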
24 Claims
1. A method of detecting at least one malicious and/or botnet-related domain name, comprising:
- reviewing at least one domain name used in Domain Name System (DNS) traffic in at least one network;
- searching for information about the at least one domain name, the information related to:
  - information about the at least one domain name in at least one domain name white list and/or at least one domain name suspicious list; and
  - information about the at least one domain name using an Internet search engine, wherein the Internet search engine determines if there are no search results or at least one search result with a link to at least one malware analysis site; and
- designating the at least one domain name as malicious and/or botnet-related based on the information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A computerized system for performing malware analysis on at least one guest environment, the system comprising:
- at least one server coupled to at least one network;
- at least one user terminal coupled to the at least one network;
- at least one application coupled to the at least one server and/or the at least one user terminal, wherein the at least one application is configured for:
  - reviewing at least one domain name used in Domain Name System (DNS) traffic in at least one network;
  - searching for information about the at least one domain name, the information related to:
    - information about the at least one domain name in at least one domain name white list and/or at least one domain name suspicious list; and
    - information about the at least one domain name using an Internet search engine, wherein the Internet search engine determines if there are no search results or at least one search result with a link to at least one malware analysis site; and
  - designating the at least one domain name as malicious and/or botnet-related based on the information.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

Specification