-
Blogs
-
News
-
Industry
-
Community
-
Topics
Criminals are now looking to use established domain names, via phishing targeted at domain registrars. This is possibly related to ICANN finally moving to stop the black hat registrars of the world.
According to the first report on the matter sent yesterday to Registrar Operations (reg-ops) mailing list, the attacks seem to be run by gang of child pornography spammers. The domain names in the .biz TLD are all using fast flux technology to make the attack more difficult to mitigate.
Ironically, the email spam claims that the user's domain, according to the subject, has "Inaccurate Whois information".
Until eNom and other registrars get their anti-phishing services in place, I believe it is the job of the Internet security operations community to help them out by taking down these attacks.
The Registrar Operations group (reg-ops) will be watching for these and mitigating them as fast as possible, in close cooperation with the registrars and the security community.
By Gadi Evron, Security Strategist. Visit the blog maintained by Gadi Evron here.
Related topics: Domain Names, Email, ICANN, Security, Top-Level Domains
To post comments, please login or create an account.
Top-Level DomainsSponsored byMinds + Machines | |
DNSSECSponsored byAfilias | |
MobileSponsored bydotMobi | |
DNSSponsored byNeustar UltraDNS | |
SecuritySponsored byVerisign |
Network Solutions just got it. Working on it.
Moniker too. Anyone cares about black hat registrars?
Registrars have been phishing targets since 2007, and so it is important for them to have plans to react when they become phishing targets. Registrars have been phishing targets since 2007, and phishers usually do not use "black hat" registrars when registering domain names for their own use. So it seems unlikely to me that this is related to ICANN's ongoing termination effort against EstDomains.
In these attacks, the phishers' goal is to get access to a registrant's account via the registrar interface, and thereby gain the ability to purchase domains via the registrant account, control the DNS of the registrant's domains, etc.
Greg, my friend. Thank you for your comment. to further clarify your point:
Malicious activity-wise, the criminals often test their attacks before they fully unleash them. I believe that is also what happened here. Only in this case they also used the date of the ICANN information confirmation messages for their phishing spam run.
As to the why, theoretically, if a criminal uses a real domain name which for our example's purpose, is used for an ecommerce website--suspending it due to abusive activity is going to be more problematic than normal, to say the least.