Cybercrime

Sponsored
by

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Cybercrime / News Briefs

Microsoft Launches Court Actions Against Cybersquatters

Microsoft is launching a string of court actions in the United States and Europe against cybersquatters, the Financial Times reported on Wednesday.

"Cybersquatting is a growing problem for brands around the world and we hope to educate other brand holders and encourage them to take action," Aaron Kornblum, a senior Microsoft lawyer, told the business daily. more

Cybersquatting Cases Rose 25 Percent Last Year, Says WIPO

The U.N. copyright agency (World Intellectual Property Organization) that arbitrates more than half the world's "cybersquatting" cases saw a 25 percent increase in complaints last year. WIPO received 1,823 complaints in 2006 alleging abusive registrations of trademarks as Internet domain names. more

Anycast Technology Effectiveness in Recent DNS Attack

During the attack, which lasted almost eight hours, six of the 13 root servers that form the foundation of the Internet's DNS were targeted, ICANN said. However, only two were noticeably affected. These two did not have Anycast installed because the technology was still being tested, ICANN said.

"With the Anycast technology apparently proven, it is likely that the remaining roots--D, E, G, H and L--will move over soon," ICANN said. The letters refer to the five of the 13 official root DNS servers that do not yet have Anycast installed. more

ICANN Releases DNS Attack Factsheet Concerning Recent Attacks

ICANN has released a factsheet concerning the recent attack on the root server system on 6 February 2007. The factsheet is intended to provide an explanation of the attack for a non-technical audience and hopes to enlarge public understanding surrounding this and related issues.

Aside from covering the attack itself and the engineers' response to it, the factsheet also briefly reviews the root server system, the domain name system, Anycast technology, and what can be done in order to deal with such attacks in future. The fact sheet can be downloaded here [PDF]. more

Anti-DNS Google Desktop Attack Reported

Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS (Domain Name System) pinning, that could give an attacker access to any data indexed by Google Desktop, security researchers said this week.

...Anti-DNS pinning is an emerging area of security research, understood by just a handful of researchers, said Jeremiah Grossman, chief technical officer at WhiteHat Security. more

Researchers Say Attackers Can Hit Home Routers

If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.

...In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems DI-524 wireless router to look up websites from a DNS server of their choosing. more

Attack Seriously Slows Two Internet Root Servers

Online attackers have briefly disrupted service on at least two of the 13 "root" servers that are used to direct traffic on the Internet.

The attack, which began Tuesday at about 5:30 a.m. Eastern time, was the most significant attack against the root servers since an October 2002 distributed denial of service (DDOS) attack, said Ben Petro, senior vice president of services with Internet service provider Neustar Inc. more

Phishing Attacks Surpass Viruses and Trojans

Phishing attacks have outnumbered emails infected with viruses and Trojan horse programs for the first time, according to security experts.

...The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm Worm and Warezov attacks, according to MessageLabs. more

Legal Attack on ARIN Dismissed in Court

The American Registry for Internet Numbers (ARIN) has announced [PDF] that it has prevailed in a lawsuit that challenged ARIN's ability to allocate Internet Protocol (IP) number resources fairly. The lawsuit was brought by an individual - Gary Kremen - who sought to have a netblock of IP addresses transferred to him without agreeing to ARIN's standard terms and conditions.

"Today's victory is significant for consumers who rely on the Internet to operate efficiently and effectively," said ARIN President and CEO Raymond Plzak. more

Domain Name Arbitration Disputes on Rise

Internet domain name arbitration disputes have risen by more than a quarter since January 2005 -- despite the expansion of generic top-level domain addresses like .biz and .info -- as cybersquatters find more sophisticated ways of encroaching on legitimate Web sites.

...Typosquatting, a form of cybersquatting that involves capturing another company's Web traffic by registering misspelled versions of a well-known Internet site or brand name, is driving much of the growth in domain-name disputes, according to intellectual property lawyers. more

Microsoft Launches New Offensive Against Cybersquatters

Microsoft on Tuesday launched a new offensive against cybersquatters who allegedly gain illegal profits from thousands of Web sites, such as WindowsLiveTutorial.com and HaloChamp.com, that include the company's trademarked names.

Redmond filed three lawsuits in federal court this week claiming that some Web site operators have registered and operate hundreds of domain names with the sole purpose of reaping "bad faith" profits and in violation of federal and state laws. more

Europe Must Reboot its Fledgling .EU Domain Name

Europe must reboot its fledgling domain name to avoid a system crash, critics say, after alleged missteps allowed cybersquatters to stockpile trademarks for auction.

...Diana Wallis, a British liberal European Parliament member on the body's legal affairs committee, has asked the Commission to give a "full explanation of how the .eu domain allocation has been handled."

"If the scale of the abuse is anything like what appears to have taken place, this will represent a major EU scandal and commissioners will need to be brought to account," she said. more

ICANN Must Clamp Down On Domain Name Abuse

While Congress continues to consider the merits of so-called Net neutrality, an even more soporific but vital Internet legal issue looms, with ramifications for every business online and every user of the World Wide Web: What is the purpose of the database that contains information on every domain name registrant?

This question is being quietly debated by the Internet Corporation for Assigned Names and Numbers (ICANN) -- the Net's keeper of the all-important addressing system -- which is meeting June 26-30 in Marrakech, Morocco.

Today, cybersquatters have rebranded themselves as "domainers," says Doug Isenberg, the author of the article over at CNet News. more

Security Experts Warn VoIP Attacks May Be Just Around the Corner

It's become a familiar pattern in online security. A groundbreaking way to communicate emerges, spreads like wildfire, and then hackers find a way to use it to their advantage. Security companies react--but not before the problem has succeeded in wreaking havoc. It happened with e-mail and is happening now with instant messaging and mobile devices.

The next area that could be targeted: Voice over Internet Protocol, or VoIP, which lets people make low-priced phone calls using the same technology that delivers e-mail. And the results could be just as damaging, if not worse, than with other technologies, some security experts warn.  more

DNS Hackers Target Domain Registrars

Hackers have launched distributed denial of service attacks against the Domain Name System (DNS) servers of a brace of domain name registrars over recent days. The motive for the separate attacks against VeriSign and Joker.com remains unclear.

VeriSign said the attack on its name servers caused a "brief degradation" in the quality of its service to customers for around 25 minutes on Tuesday afternoon, ComputerWorld reports. Domain registrar Joker.com is recovering from an attack on its name servers last week that lasted for six days up until last Sunday. Joker.com, which is based in Germany, handles the registration of approximately 550,000 domains. more