Phishing Registrar Accounts: eNom is First Target

Criminals are now looking to use established domain names, via phishing targeted at domain registrars. This is possibly related to ICANN finally moving to stop the black hat registrars of the world.

According to the first report on the matter, sent yesterday to the Registrar Operations (reg-ops) mailing list, the attacks seem to be run by a gang of child pornography spammers. The domain names in the .biz TLD are all using fast flux technology to make the attack more difficult to mitigate.

Ironically, the spam email's subject line claims that the user's domain has "Inaccurate Whois information".

Until eNom and other registrars get their anti-phishing services in place, I believe it is the job of the Internet security operations community to help them out by taking down these attacks.

The Registrar Operations group (reg-ops) will be watching for these and mitigating them as fast as possible, in close cooperation with the registrars and the security community.

Written by Gadi Evron, Security Architect.

Comments

Gadi Evron  –  Oct 29, 2008 3:42 PM PDT

Network Solutions just got it. Working on it.

Gadi Evron  –  Oct 29, 2008 4:01 PM PDT

Moniker too. Anyone cares about black hat registrars?

the phisher's goals and methods in these attacks
Greg Aaron  –  Oct 30, 2008 7:47 AM PDT

Registrars have been phishing targets since 2007, and so it is important for them to have plans to react when they become phishing targets.  Registrars have been phishing targets since 2007, and phishers usually do not use "black hat" registrars when registering domain names for their own use.  So it seems unlikely to me that this is related to ICANN's ongoing termination effort against EstDomains. 

In these attacks, the phishers' goal is to get access to a registrant's account via the registrar interface, and thereby gain the ability to purchase domains via the registrant account, control the DNS of the registrant's domains, etc.

Gadi Evron  –  Oct 30, 2008 8:01 AM PDT

Greg, my friend. Thank you for your comment. To further clarify your point:

Malicious activity-wise, the criminals often test their attacks before they fully unleash them. I believe that is also what happened here. Only in this case they also used the date of the ICANN information confirmation messages for their phishing spam run.

As to the why, theoretically, if a criminal uses a real domain name which for our example's purpose, is used for an ecommerce website--suspending it due to abusive activity is going to be more problematic than normal, to say the least.
