Malware authors have found a way to evade URL-blocking systems by swapping bad domain names with unknown ones.
For some time now URL filtering techniques have provided a fairly reliable way for organizations to block traffic into their network from domains that are known to be malicious. But as with almost every defense mechanism, threat actors appear to have found a way around that as well.
Security researchers from Cyren are warning about a new tactic for fooling Web security and URL–filtering systems. The technique, which Cyren has dubbed “Ghost Host,” is designed to evade host and domain blacklists by swapping bad domain names and inserting random, non-malicious host names in the HTTP host field instead.
Source: Dark Reading