funsec mailing list archives

Registrars Release Suspended Domains to Attackers


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 11 Jun 2008 02:57:36 GMT

Via The ScanSafe STAT Blog.

[snip]

A new outbreak of SQL attacks began on the 8th. Not that they ever really
go away, but new waves replace the old ones. The attackers are using a much
larger number of domains than seen in previous months. Just 11 days into
June, and already 54 of these domains have been observed. Many of these are
previously suspended domains that registrars have released back to the
attackers.

The end result, some of the domains involved in the late May and early June
attacks are now active again. Thus not only newly compromised sites are
foisting the malware, but any sites previously compromised that have not
cleaned up their pages (and properly parameterized their SQL queries) will
now once again be serving as conveyor belts for password stealing trojans.

[snip]

More:
http://blog.scansafe.com/journal/2008/6/10/registrars-release-suspended-domains-to-attackers.html

This is exactly illustrative of the problems that are enormous in the entire
domain registration process, and how criminals are continually gaming the
domain registration process without fear of retribution or punishment. This
has got to change -- these domain registration policy loopholes must be
closed -- before we can even begin to have an impact on the criminal
manipulation of the domain registration process.

- - ferg




--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

