Cybercrime

Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Domain Research and Monitoring: Keeping an Eye on the Web for You

Cybercrime / Most Commented

Criminal Checks Needed for Domain Name Tasting, Kiting, Spying

International organisations should step in to prevent the "tasting," "kiting" and "spying" related to Internet domain names, say representatives from the US telecommunications and trademark industries. These new activities are dramatically altering online commerce and impacting legitimate businesses, and the United States Federal Trade Commission (FTC), World Intellectual Property Organization (WIPO) and the Internet Corporation for Assigned Names and Numbers (ICANN) should take action, they say. The US Anti-Cybersquatting Consumer Protection Act (ACPA) had too many loopholes given the actual trends in the domain name secondary market, said Sarah Deutsch, vice president and associate general counsel for Verizon, and Marilyn Cade, former AT&T lobbyist and now consultant on Internet and technology issues... more

Starbucks Chairman, Founder Called Typosquatter and Typosquasher

Starbucks chairman and founder, Mr. Schultz's venture capital firm, Seattle-based Maveron, and H. Ross Perot's investment arm last month plowed $38 million into iREIT, a Houston-based company that has been accused of typosquatting by telecom giant Verizon. But earlier this year, Maveron also invested in Aliso Viejo, California-based CitizenHawk, which makes software that helps trademark holders identify typosquatters and initiate legal action against them. more

.xom, BrandJacking and Error-Search

BusinessWeek is running a column called 'Brandjacking' on the Web. In summary, nobody likes deliberate cybersquatting or typosquatting. But if Typo domain-names did not exist, the traffic would continue to flow to Microsoft or Google via the browser's error search where those very large companies would make money in the same manner as the 'evil cybersquatters'... more

WIPO Snafu Over britishmuseum.org Case?

WIPO just published a decision regarding the domain dispute over the britishmuseum.org domain name. At first glance, everything seems alright. The world famous British Museum won in a default judgment as the current registrant (the respondent) never replied). However, drill a little deeper and something is amiss. The "parties" section of the case lists the respondent as "British Museum Resources, Limited, West Bay, George Town, Kentucky, United States of America." more

New Wave of Illegal Activity Breed of So-Called P2P Worm

Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace.

Security experts have predicted over the last several years that botnets of hijacked PCs would pose one of the staunchest challenges faced by the IT community as criminals discovered new ways to use them to deliver attacks. more

Microsoft Investigating Windows DNS Server Attacks

Microsoft is investigating attacks exploiting a vulnerability in the Windows Server Domain Name System Service, as well as two types of hacks targeting Vista's OEM BIOS activation feature... "Our investigation reveals that this vulnerability could allow a criminal to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM," a Microsoft spokesperson said. more

Microsoft Launches Court Actions Against Cybersquatters

Microsoft is launching a string of court actions in the United States and Europe against cybersquatters, the Financial Times reported on Wednesday.

"Cybersquatting is a growing problem for brands around the world and we hope to educate other brand holders and encourage them to take action," Aaron Kornblum, a senior Microsoft lawyer, told the business daily. more

Cybersquatting Cases Rose 25 Percent Last Year, Says WIPO

The U.N. copyright agency (World Intellectual Property Organization) that arbitrates more than half the world's "cybersquatting" cases saw a 25 percent increase in complaints last year. WIPO received 1,823 complaints in 2006 alleging abusive registrations of trademarks as Internet domain names. more

ICANN Releases DNS Attack Factsheet Concerning Recent Attacks

ICANN has released a factsheet concerning the recent attack on the root server system on 6 February 2007. The factsheet is intended to provide an explanation of the attack for a non-technical audience and hopes to enlarge public understanding surrounding this and related issues.

Aside from covering the attack itself and the engineers' response to it, the factsheet also briefly reviews the root server system, the domain name system, Anycast technology, and what can be done in order to deal with such attacks in future. The fact sheet can be downloaded here [PDF]. more

Cybersquatting and Geopolitics Heats Up

Cybersquatting is so 2000, or so we thought. The Uniform Dispute Resolution Policy (UDRP) at WIPO has been chugging along for several years now, methodically determining if complainants IP rights have been violated and reassigning "ownership" of domain names. Typically, the cases are fairly boring. But some recent developments in the world of 800 lb search gorillas, Google and Baidu, suggests that the regime could be faced with substantial pressure in the near future. more

Anti-DNS Google Desktop Attack Reported

Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS (Domain Name System) pinning, that could give an attacker access to any data indexed by Google Desktop, security researchers said this week.

...Anti-DNS pinning is an emerging area of security research, understood by just a handful of researchers, said Jeremiah Grossman, chief technical officer at WhiteHat Security. more

Researchers Say Attackers Can Hit Home Routers

If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.

...In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems DI-524 wireless router to look up websites from a DNS server of their choosing. more

Phishing Attacks Surpass Viruses and Trojans

Phishing attacks have outnumbered emails infected with viruses and Trojan horse programs for the first time, according to security experts.

...The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm Worm and Warezov attacks, according to MessageLabs. more

Top Domain Name News Stories of 2006

Record-breaking domain sales, acquisitions, and growing industry credibility all highlight a critical year for the domain name industry. The domain name industry had a heck of a year. It's impossible to rank the top news stories of 2006, but I'm going to make an attempt... Let's talk about it before the end of the year; then let's look forward to a fantastic 2007. more

Domain Name Arbitration Disputes on Rise

Internet domain name arbitration disputes have risen by more than a quarter since January 2005 -- despite the expansion of generic top-level domain addresses like .biz and .info -- as cybersquatters find more sophisticated ways of encroaching on legitimate Web sites.

...Typosquatting, a form of cybersquatting that involves capturing another company's Web traffic by registering misspelled versions of a well-known Internet site or brand name, is driving much of the growth in domain-name disputes, according to intellectual property lawyers. more

Industry Updates

The Orvis.com Data Leak: A Short Investigation Using WHOIS Information

The Disney+ Account Hijacking: Preventing Unauthorized Network Access with Threat Intelligence Tools

Billtrust Breach: Can Threat Intelligence Platforms Help with Ransomware Prevention?

Post NordVPN Data Exposure: Using Domain Threat Intelligence to Prevent MitM Attacks

InterMed Breach: How Threat Intelligence Sources Help Maintain Domain Integrity

BriansClub & PoS Malware Attacks: How Threat Intelligence Solutions Help Prevent Payment Card Theft

How Reverse WHOIS Search Can Help Protect Against MegaCortex and Other Ransomware

The Web.com Data Breach: A Quick Investigation with Domain Reputation Lookup

Mobile Apps and Malware: Shielding Your Brand from Unseen Cyber Threats

Being Cybersecure Is Not Enough, Become Cyber-Resilient Instead

Can Security Analytics Combat Digital Fraud with IP and Domain Name Monitoring?

Alleviating the Constant Clash Between DevSecOps and DevOps Teams

Moving from the Castle-and-Moat to the Zero-Trust Model

Why IT Security and DevOps Teams Are Often at Odds

Mitigation and Remediation: Where Threat Intelligence Fits In