Home / Blogs

Compromised Portfolios of Legitimate Domain Names for Sale

Dancho Danchev

Is the demand for access to compromised legitimate portfolios of domain names — where the price is based on the pagerank and is shaped by the number of domains in question — the main growth factor for the increasing supply of such stolen accounting data? Or is it the result of cybercriminals data mining their botnets for accounting data that would provide them with access to such portfolios of high trafficked domains with clean reputation? Moreover, would such a data mining approach made easily possible due to the availability of botnet parsing services and stolen accounting data dumps streaming directly from a botnet? And would this in fact be a more efficient approach in injecting their malicious presence on as many hosts as possible — next to the plain simple massive SQL injection approach?

As always, it's a matter of who you're dealing with, and their understanding of the exclusiveness of a particular underground item at a given period of time. This exclusiveness is inevitably going to increase due to the fact that there are several "vendors" that are already purchasing access to such portfolios, as well as compromised Cpanel accounts as a core business. They would later resell the access at a higher price, enjoying the underground market's lack of transparency, or directly monetize and break-even immediately. As for this particular proposition for an account with 404 domains in it, it's interesting to monitor how the seller is soliciting bids from multiple sources by leaving the price an open topic, clearly indicating his low profile into the underground ecosystem. How come? An experienced seller or buyer would be offering or requesting pagerank verification respectively.

With nearly each and every aspect of cybercrime already available as a service, or literally outsourced as a process to those supposedly excelling into a particular practice, building capabilities for data mining botnets are no longer a requirement. People behind the botnets monetize all the data coming from it by soliciting deals of accounting data dumps based on a particular country.

By Dancho Danchev, Independent Security Consultant. More blog posts from Dancho Danchev can also be read here.

Related topics: Domain Names, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

NSW Government Launches .sydney Domain

New .VOTE and .VOTO Domains Now Available

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Verisign iDefense 2015 Cyber-Threats and Trends

Verisign Launches New Monthly Blog Series: Top 10 Keywords Registered in .COM and .NET

.LGBT Public Launch Begins Today

Verisign Celebrates .com's 30th Anniversary, Launches Domain Name Contest

What's in Your Attack Surface?

New .LGBT Domain Sunrise Period Begins

Minds + Machines in 2014 and 2015

DNW Podcast Interview with Antony Van Couvering

TLD Registry and Right of the Dot Establish a Domain Name Industry "Dream Team"

"Chinese Domaining Masterclass" to be Presented at NamesCon Las Vegas in January 2015

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Video Interviews from ICANN 51 in Los Angeles

Update on Minds + Machines' Top-Level Domain Launches

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias