Threat Intelligence

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Threat Intelligence / News Briefs

Bugs Found in DNS Software, Not Considered High-Risk

A number of flaws in the software that is used to administer the Internet's DNS (domain name system) have been discovered by researchers at Finland's University of Oulu.

The vulnerabilities could be exploited to "cause a variety of outcomes," including crashing the DNS server or possibly providing attackers with a way to run unauthorized software, according to an advisory posted Wednesday by the U.K.'s National Infrastructure Security Co-ordination Center.

Microsoft to Hunt Down Typo-Squatters Using URL Tracer

Microsoft Research has released a new tool to help pinpoint large-scale typo-squatters that are known to be gaming pay-per-click domain parking services.

The lightweight prototype, called Strider URL Tracer, builds on the work within Microsoft's Cybersecurity and Systems Management group to keep tabs on a sophisticated typo-squatting scheme that uses multilayer URL redirection to make money from Google's AdSense for domains program.

University Researchers Heighten Focus on VoIP Security Threats

With VoIP starting to live up to some of the hype, university researchers are looking to ensure that the technology's momentum in corporate and residential markets won't be ruined by myriad security threats.

The National Science Foundation this week said it has issued $600,000 to the University of North Texas to spearhead development of a multi-university test bed to study VoIP security. Other participants are Columbia University, Purdue University and the University of California-Davis.

Report on Why Phishing Works Despite Warnings

Three U.S. academics have published research into why phishing scams are still finding success, years after widespread public warnings first appeared.

Most people have received an e-mail purporting to be from a bank or other online service that asks for personal and financial details. Occasionally, it has been for a bank or service for which the recipient is a customer. Even in that situation, many people still know to be wary.

MIT Spam Conference on Phishing as the Worst Spam Problem

At the fourth annual MIT Spam Conference held in Boston Tuesday, speakers said that while the volume of spam ebbs and flows, the nature of unwanted email is steadily becoming more dangerous...

Fresh from an IETF meeting last week, Sendmail's Chief Science Officer Eric Allman spoke about the progress being made with DomainKeys Identified Mail (DKIM), a sender-authentication proposal from Yahoo and Cisco that's wending its way through the standards body, and how it can be used to fight phishing.

Antispam Confab Looks Beyond Filters

The fight against spam, phishing and e-mail fraud should focus on economic incentives and aiding law enforcement, according to attendees at a conference examining the problem this week.

Speakers at MIT's 2006 Spam Conference were notably cognizant of the recent proposals of white lists and AOL's Goodmail, a pay per e-mail service offering preferential treatment in e-mail delivery for marketers. It is also one year since the implementation of Can-Spam, the federal law that sets e-mail marketing standards and makes it less complicated for law enforcement to go after John Doe spammers.

DNS Hackers Target Domain Registrars

Hackers have launched distributed denial of service attacks against the Domain Name System (DNS) servers of a brace of domain name registrars over recent days. The motive for the separate attacks against VeriSign and Joker.com remains unclear.

VeriSign said the attack on its name servers caused a "brief degradation" in the quality of its service to customers for around 25 minutes on Tuesday afternoon, ComputerWorld reports. Domain registrar Joker.com is recovering from an attack on its name servers last week that lasted for six days up until last Sunday. Joker.com, which is based in Germany, handles the registration of approximately 550,000 domains.

DNS Servers Do Hackers' Dirty Work

"DNS is now a major vector for DDOS," Dan Kaminsky, a security researcher said, referring to distributed denial-of-service attacks. "The bar has been lowered. People with fewer resources can now launch potentially crippling attacks."

Just as in any DDOS attack, the target system -- which could be a victim's Web server, name server or mail server -- is inundated with a multitude of data coming from multiple systems on the Internet. The goal is to make the target unreachable online by flooding the data connection or by crashing it as it tries to handle the incoming data.

Coalition Recommends Tools to Combat Phishing

ISPs and e-commerce sites can employ more tools to combat phishing scams, including "white lists" of legitimate Websites and using false identification information to scam the scammers, according to a report released Thursday.

The report, released by a coalition of consumer groups, technology vendors, financial services organizations and law enforcement agencies, also calls on Internet companies to step up their consumer education efforts.

Opposition to ICANN-VeriSign Proposal Grows

Eight of the world's largest domain registrars have sent an open letter to ICANN Chairman Vint Cerf, stating their formal opposition to the revised proposition with VeriSign for continued control of the Internet registry.

The eight signatories, which lay claim to 25 million domain names, or 57 percent of those currently registered, are GoDaddy, Network Solutions, Tucows, Register.com, BulkRegister, Schlund + Partner AG, Melbourne IT and Intercosmos Media Group.

Effects of Domain Hijacking Can Linger

Malicious hackers who are able to hijack an organization's Web domain may be able to steal traffic from the legitimate Web site long after the domain has been restored to its owner, according to a recent report.

Design flaws in the way Web browsers and proxy servers store data about Web sites allow malicious hackers to continue directing Web surfers to malicious Web pages for days or even months after the initial domain hijacking.

Telecom Regulatory Authority of India Recommends IPv6 Transition

Faced with increasing demand for Internet protocol addresses, better quality of service and security, the Telecom Regulatory Authority of India (Trai) today recommended a transition from the existing version of internet protocol (IPv4) to the next-generation IPv6 platform.

The regulator has proposed the setting up of a National Internet Registry (NIR) in the country, within the framework of the Asia Pacific Network Information Centre (APNIC), and the Regional Internet Registry, utilizing the existing set-up of National Internet Exchange of India (NIXI). Currently all users in India buy their Internet protocol addresses from the APNIC.

Phishing Attacks Evolved Steadily Throughout 2005 Security

Phishing attacks are continually evolving, as fraudsters develop new strategies and quickly refine them in an effort to stay a step ahead of banking customers and the security community. Here are some of the phishing trends and innovations we noted in 2005...

Open redirects became a favorite method for phishing attacks to "borrow" the URL and credibility of a trusted web site. Redirects are common on large web sites, where server side scripts are employed to redirect users to different parts of the site.

US Warns of Fake Net Domain Data

More than 5% of the net's most popular domains have been registered using "patently false" data, research shows.

A US congressional report into who owns .com, .net and .org domains found that many owners were hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals.

Industry Updates

Hidden Botnet C&C on Legitimate Infrastructure? The Case of 000webhostapp[.]com

A Deep Dive into Known Magecart IoCs: What Are the Connected Internet Properties?

COVID-19-Related Bulk Domain Registrations: A Possible Case of DNS Abuse?

Protecting Intellectual Property Protects Consumers

"Voltswagen": April Fool's Prank, Brand Turmoil, and Bulk Domain Registrations

What Are the Common Forms of Bulk Domain & Typosquatting Registrations?

We Detected and Analyzed Thousands of CCTV-, Firewall-, and SCADA-themed Domains & Subdomains

How Reverse IP Lookup API Can Help Detect Connected Domains

Come April, Nothing Is Certain Except Phishing and Taxes

Expanding the List of Artifacts for the Recent JPMorgan Chase Squatting Campaign

An In-Depth Look at the Risks Kozow.com Subdomains May Pose to Internet Users

How Do You Choose the Best Threat Intelligence Platform for Your Company?

Keeping Track of Ramnit through Artifact Expansion

A List of Potential Attack Artifacts for the Top 3 Phished Brands in 2020

A Look at Recent Attacks on K-12 Distance Learning Providers Using Domain Intelligence