Will subdomains containing bad files cause other subdomains to be blocked?

[ljwagerfield]

Hi,

I'm interested to learn how Malwarebytes handles services like AWS S3, AWS CloudFront, and so forth, who give separate subdomains to each account holder.

Specifically, will Malwarebytes block the root domain or only the subdomain?

For example:

If a bad user owns "bad.s3.us-east-1amazonaws.com" and a good user owns "good.s3.us-east-1amazonaws.com", then will Malwarebytes potentially block all subdomains of "*.s3.us-east-1amazonaws.com", or does it strictly limit blocks to only subdomain where bad files are detected?

I'm asking because we run a file hosting service similar to AWS S3, and I'm keen to isolate the reputation scores of our users' files, such that a "bad account" doesn't cause all other good accounts to become blocked.

Thanks in advance!

[JPopovic]

Hello,

If it's a domain where 90% of its subdomains host malware, then we prefer to block that instead of the subdomains (to block parent domain and all subdomains). Otherwise we detect on the malicious subdomains only, which won't detect the parent domain.

Thank you.

[ljwagerfield]

That's great to know, thank you Jovan!

[JPopovic]

You're welcome!