Dynamics of online scam hosting infrastructure

Maria Konte, Nick Feamster, Jaeyeon Jung

Research output: Chapter in Book/Report/Conference proceedingConference contribution

32 Scopus citations


This paper studies the dynamics of scam hosting infrastructure, with an emphasis on the role of fast-flux service networks. By monitoring changes in DNS records of over 350 distinct spam-advertised domains collected from URLs in 115,000 spam emails received at a large spam sinkhole, we measure the rates and locations of remapping DNS records, and the rates at which "fresh" IP addresses are used. We find that, unlike the short-lived nature of the scams themselves, the infrastructure that hosts these scams has relatively persistent features that may ultimately assist detection.

Original languageEnglish (US)
Title of host publicationPassive and Active Network Measurement - 10th International Conference, PAM 2009, Proceedings
Number of pages10
StatePublished - 2009
Event10th International Conference on Passive and Active Network Measurement, PAM 2009 - Seoul, Korea, Republic of
Duration: Apr 1 2009Apr 3 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other10th International Conference on Passive and Active Network Measurement, PAM 2009
Country/TerritoryKorea, Republic of

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Dynamics of online scam hosting infrastructure'. Together they form a unique fingerprint.

Cite this