OpenDNS has gone public with a new analytics tool that can be used to detect malicious domains used in APT and cybercrime campaigns. NLPRank is not ready for production, but the threat model has been proven out and false positives kept in check. The tool uses a minimum edit-distance algorithm used in spell-checkers and other applications to whittle down words used for typo-squatting domains and legitimate domains to weed out malicious domains. Data from Carbanak, DarkHotel and other APT groups uncovered by Kaspersky Lab are among the data sets used to put the tool through its paces.
Source: https://threatpost.com/new-analytics-tool-defines-language-used-by-malicious-domains/111462/