Abstract: A computer-implemented method, a computer program product, and a computer system for creating malware domain sinkholes by domain clustering. The computer system clusters malware domains into domain clusters. The computer system collects domain metrics in the domain clusters. The computer system sorts clustered malware domains in the respective ones of the domain clusters, based on the domain metrics. The computer system selects, from the clustered malware domains in the respective ones of the domain clusters, a predetermined number of top domains as candidates of respective domain sinkholes, wherein the respective domain sinkholes are created for the respective ones of the domain clusters.

Abstract: Countering phishing attacks by generating multiple synthetic victims, where each of the synthetic victims includes synthetic victim information that represents a computer user identity and includes associated sensitive information, where the computer user identity and its associated sensitive information are fictitious in that they are not known to be associated with a legitimate computer user, providing any of the synthetic victim information of the synthetic victims to a computer-hosted phishing site, storing the synthetic victim information in a computer-accessible database, receiving from a computer-hosted target site information provided to the computer-hosted target site by a requestor, identifying in the computer-accessible database database synthetic victim information matching the requestor information, and notifying the computer-hosted target site that the requestor information is of a synthetic victim.

Abstract: A computer-implemented method, a computer program product, and a computer system for creating malware domain sinkholes by domain clustering. The computer system clusters malware domains into domain clusters. The computer system collects domain metrics in the domain clusters. The computer system sorts clustered malware domains in the respective ones of the domain clusters, based on the domain metrics. The computer system selects, from the clustered malware domains in the respective ones of the domain clusters, a predetermined number of top domains as candidates of respective domain sinkholes, wherein the respective domain sinkholes are created for the respective ones of the domain clusters.

Abstract: A method, system and computer-usable medium are disclosed for obtaining domain name system (DNS) monitoring data. A DNS data collector that can be either part of a local network or part of an external network is implemented. The DNS data collector receives and collects logs from DNS transactions collected from various sources that include DNS resolvers, DNS servers, and DNS aggregator, which can be part of a local network or can be part of an external network. The DNS data collector determines if the DNS logs are missing any data related to the DNS transactions. The missing DNS data is looked up and the DNS logs are completed. Completed DNS logs can then be sent for analysis, such as for DNS traffic threats.

Abstract: Countering phishing attacks by generating multiple synthetic victims, where each of the synthetic victims includes synthetic victim information that represents a computer user identity and includes associated sensitive information, where the computer user identity and its associated sensitive information are fictitious in that they are not known to be associated with a legitimate computer user, providing any of the synthetic victim information of the synthetic victims to a computer-hosted phishing site, storing the synthetic victim information in a computer-accessible database, receiving from a computer-hosted target site information provided to the computer-hosted target site by a requestor, identifying in the computer-accessible database database synthetic victim information matching the requestor information, and notifying the computer-hosted target site that the requestor information is of a synthetic victim.