funsec mailing list archives
Registrars Release Suspended Domains to Attackers
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 11 Jun 2008 02:57:36 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via The ScanSafe STAT Blog. [snip] A new outbreak of SQL attacks began on the 8th. Not that they ever really go away, but new waves replace the old ones. The attackers are using a much larger number of domains than seen in previous months. Just 11 days into June, and already 54 of these domains have been observed. Many of these are previously suspended domains that registrars have released back to the attackers. The end result, some of the domains involved in the late May and early June attacks are now active again. Thus not only newly compromised sites are foisting the malware, but any sites previously compromised that have not cleaned up their pages (and properly parameterized their SQL queries) will now once again be serving as conveyor belts for password stealing trojans. [snip] More: http://blog.scansafe.com/journal/2008/6/10/registrars-release-suspended-dom ains-to-attackers.html This is exactly illustrative of the problem that are enormous in the entire domain registration process, and how criminals are continually gaming the domain registration process without fear of retribution or punishment. This has got to change -- these domain registration policy loopholes must be closed -- before we can even to begin to have an impact on the criminal manipulation of the domain registration process. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFITz8bq1pz9mNUZTMRAsaOAKDhufnXnE2BQtkBBtuJakELMkHeVgCgq72o lupD3gI0PpmGqcA24cg4IPo= =bAXY -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Registrars Release Suspended Domains to Attackers Paul Ferguson (Jun 10)