Seriously, it has. A big problem with my users now is malware (spyware, viruses, etc...). A bigger problem (aside from getting the user to admit that they went to places they shouldn't have) is looking in their history and trying to figure out where the spyware has come from.
Now that I've learned about the value in domains it has made it easier to see where the malware might have come from.
For example, I had one client who was getting blue screens. I checked the error logs and something was attaching and trying to disable Sygate (which would give you a blue screen on our network). What would do that? Something trying to infect something else (the user's PC, our network, the servers, whatever).
So, I checked the user's internet history and this is what came up:
(Note: conclusions are based on the domain name, I didn't go to any of the sites)
maps.com was one and common.
1-2 years ago I would have flagged this as the malware site. My thought would have been "well, they have a top of the line kind of domain so they'll fill it up with malware to infect as many computers as possible".
Now, I see maps.com and I see a premium category killer domain name, one that could fetch $xx,xxx easily even with no traffic and with an established website could easily go seven figures (don't bash me if my appraisal is way off, I'm not good at them, I tend to lowball a lot). Someone willing to invest this much would not want to risk the domain and their reputation with malware; they'd want to sell maps and get people coming back to them.
Chances are that this is not the source of the spyware (unless it came from a paid ad).
Next, and this is only an example (I don't remember the exact domain name)
Georgescheapairlineticketsonlinestore.com
OK, 2 years ago I would have thought this was suspicious but could be legit since it seems that someone really tried to find the domain name and ended up with this one.
Now, I see it as a low level domain. Sure, it has potential, but whoever did it would end up spending more promoting it and developing a very good site, so it would have been better to get a much better domain name. Chances are, this is the source of the malware.