Phishing Infrastructure Fluxes All the Way

D. Kevin McGrath, Andrew Kalafut, Minaxi Gupta
2009 IEEE Security and Privacy  
As take-down efforts intensify, Internet fraudsters are beginning to employ novel techniques to keep their fraud campaigns afloat. A recent such technique is fast flux, where the DNS records of a fraud Web site are provisioned such that the site resolves to an unusually large number of IP addresses, each with a short validity. Fast flux hurts take-down efforts. This article studies aspects of detecting and defending against fast flux, and its prevalence in phishing today.
doi:10.1109/msp.2009.130 fatcat:qerejfl3rbhjxfualwz7td7ceu