Discovering and Measuring Malicious URL Redirection Campaigns from Fake News Domains

Zhouhan Chen, Juliana Freire

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Malicious URLs are used to distribute malware and launch social engineering attacks. They often hide behind redirection networks to evade detection. Due to the difficulty in discovering redirection traffic in real time, previous approaches to understanding redirection networks were reactive and passive. We propose a proactive algorithm that is able to uncover redirection networks in real time given a small set of seed domains. Our method works in three steps: (1) collecting redirection paths, (2) clustering domains that share common nodes along redirection paths, and (3) searching for other domains co-hosted on similar IP addresses. We evaluate our method using real websites that we discovered while auditing 2,300 popular fake news sites. We seeded our algorithm with a subset of 276 fake news domains that redirect, and uncovered three large-scale redirection campaigns. We further verified that 91% of entry point domains were not new, but recently expired, re-registered, and parked on dedicated hosts. To mitigate this threat vector, we deployed our system to automatically collect newly re-registered domains and publish new redirection networks. During a five-month period, our threat intelligence reports have received over 50,000 Google Search impressions, and have been recommended by commercial vendor tools. We also reported findings to Google and Amazon Web Services, both of which have acted promptly to remove malicious artifacts. Our work offers a viable approach to continuously discover evasive redirection traffic from re-registered domains.
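
Step (2) of the method summarized above, sketched as an added example (not the authors' code): entry domains are merged with union-find whenever their already-collected redirection paths share a node. The sample paths, the `ignore` parameter and every hostname are constructed assumptions, using reserved placeholder TLDs.

```python
from collections import defaultdict

# Constructed sample: entry domain -> hostnames seen along its redirection path.
# All names are placeholders under reserved TLDs, not data from the paper.
SAMPLE_PATHS = {
    "news-a.example": ["news-a.example", "hop1.test", "tds.test", "land-1.invalid"],
    "news-b.example": ["news-b.example", "tds.test", "land-2.invalid"],
    "news-c.example": ["news-c.example", "hop9.test", "land-2.invalid"],
    "news-d.example": ["news-d.example", "cdn.test", "other.test"],
    "news-e.example": ["news-e.example", "cdn.test", "shop.invalid"],
    "news-f.example": ["news-f.example"],  # does not redirect
}

def cluster_by_shared_nodes(paths, ignore=frozenset()):
    """Group entry domains whose redirection paths share at least one node.

    `ignore` holds nodes too generic to link campaigns (assumption: e.g. a
    CDN used by unrelated sites). Returns a sorted list of
    (entry_domains, shared_nodes) for clusters with two or more entries.
    """
    parent = {d: d for d in paths}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    # Invert the paths: which entry domains pass through each node?
    node_to_entries = defaultdict(set)
    for entry, hops in paths.items():
        for node in hops:
            if node != entry and node not in ignore:
                node_to_entries[node].add(entry)

    # Any node visited by several entries merges those entries into one set.
    for entries in node_to_entries.values():
        first, *rest = sorted(entries)
        for other in rest:
            parent[find(other)] = find(first)

    groups = defaultdict(set)
    for entry in paths:
        groups[find(entry)].add(entry)

    clusters = []
    for members in groups.values():
        if len(members) > 1:
            shared = {n for n, e in node_to_entries.items() if len(e) > 1 and e <= members}
            clusters.append((sorted(members), sorted(shared)))
    return sorted(clusters)
```

The shared nodes returned with each cluster are the natural pivots for step (3), the co-hosting lookup.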

Original language: English (US)
Title of host publication: Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-6
Number of pages: 6
ISBN (Electronic): 9781728189345
State: Published - May 2021
Event: 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021 - Virtual, Online
Duration: May 27 2021 → …

Keywords

  • URL redirection
  • domain registration
  • expired domain
  • fake news
  • proactive discovery
  • redirection campaign

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
