Specification of Malicious URL

With the rapid development of internet in the recent years, malware is very prevalent and brings severe threats to users. Most kinds of malware depend on URL as transmission carrier to control or transmit in order to support themselves. Therefore, whether the URL is safe or not makes huge effects on malware execution, and the way of identifying malicious URL through malicious-URL-based rapid detection will be more and more important. There are no normative descriptions and nomenclature in the industry right now, so we hereby write this Specification of Malicious URL.

The specification mainly describes things about the transmission carrier URL (the malicious URL) of malware, such as definition, attribute and classification, nomenclature and so on. According to the risk levels and specific attributes, we divide the malicious URL into the following seven categories: remote, privacy, spread, fraud, rogue, potential and other, as the following table shows. The malicious URL nomenclature adopts segment format, turning into the followings: main category code, detail attribute code of malicious URL, malicious URL family name, variant name and extent field.

Attachment: Specification of Malicious URL