ICANN Scrubs Net Of Malware Haven
SecurityProNews Staff Writer
2008-10-31
Too little too late for EstDomains, and if you're too late to do anything before ICANN gets you then you're pretty darn slow. The quasi-private overseer of the Internet sent a shattering blow to the registrar via contractual technicality, shutting the company down and sending malware agents scattering.
It wasn't much of a secret that Estonia-based registrar EstDomains was harboring Internet terrorists (swaths of scammers and phishers made nests among 281,000 domains there), but Brian Krebs's in-depth report blew off the proverbial can-of-worms lid back in September.
Perhaps catching wind of the lowering epic boot of ICANN, EstDomains issued a press release last week espousing the company's sudden concern for malware and offering software to help combat it. A week and a half later, ICANN wouldn't be moved and sent notice of the forfeiture and immediate transfer of all domains to interested parties.
Not for the bad neighborhood, though, but because the company president's criminal convictions constituted breach of contract, and thus EstDomains lost its accreditation. ICANN posted its letter to Vladimir Tsastsin, which outlines why he's out of business in addition to facing jail time:
Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc., is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction.
Like nailing a mobster for tax evasion, this was the best way to make a case stick. EstDomains is appealing. Its defense is, basically: We forgot to tell you we replaced Tsastsin last summer. Does that help?
Apparently not, as EstDomains is currently offline, though the transfer doesn't take effect until November 12. It will be interesting to see if anybody will touch the collection of domains with a ten-foot pole.
The consequence of a mass seizure like this one, though, is that the bad guys scatter to several new, unaware registrars, and that we see a sudden spike in phishing email attacks posing as legitimate registrars like eNom and Network Solutions. The phishers are seeking account information in a likely attempt to set up botnets or hijack domains.
Wherever they head, McAfee's Chris Barton is on the lookout at five other suspicious registrars, who may have contractual violations of their own. His fab five shady registrars are as follows:
1. Moniker
2. XIN NET
3. 35 Tech & OnlineNic
4. Planet Online
5. Dynamic Dolphin
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.