On 03/04/2022 19:39, Theo Geurts via CPWG wrote:
Good write up John,
Do you have any stats on DGA botnet domains? I have not seen much of those in the last few years, but since Avalanche (2016) and Conficker (2008) they are not the size they used to be? I do see them at other places, blockchain, IOT, dropbox API abuse.
I haven't been specifically tracking botnet domains, Theo, One possible reason for the decline in the size of DGA networks might be due to the algorithms being cracked and registries being more willing to cooperate. Bad actors may also seek to obscure their footprint as much as possible and using multiple algorithms with smaller networks is an effective way to do it. With discounted new gTLDs, they also can distribute DGA domain names. Again, the scale of one year registrations works in their favour. Even .COM has about 43% non-renewals (it varies by month/season) for first year registrations. Regards...jmcc -- -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by AVG. https://www.avg.com