At a closed-door security summit hosted on Yahoo's Sunnyvale campus last week, a researcher demonstrated a new technique to more easily identify phishing and other malicious Websites.

Dan Hubbard, vice president of security research for Websense, showed a tool their researchers have built that detects domains that were automatically registered by machines rather than humans—a method increasingly being used by the bad guys, he says. "[Automation] is being used more and more," Hubbard says. The tool's algorithm determines whether a domain name was registered by man or machine, by assessing whether the domain and URL are "human consumable," or "whether someone would type that into a URL or search for that" site. It scores the likelihood of maliciousness of the domain and host name based on patterns in the name. The tool is reported to have 99.9% rate of accuracy, and that automatically generated domains to date represent over 1 percent of the nearly 1 million domains registered each day—and rising.

Read Full Story: Dark Reading

See Related Topics: DNS, Domain Names, Security