Threat Intelligence

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Most Viewed

Moving Target: Spammer Using Over 1000 Home Computers as DNS

Some individual appears to have hijacked more than a 1,000 home computers starting in late June or early July and has been installing a new Trojan Horse program on them. The Trojan allows this person to run a number of small websites on the hijacked home computers. These websites consists of only a few web pages and apparently produce income by directing sign-ups to for-pay porn websites through affiliate programs. Spam emails messages get visitors to come to the small websites.

To make it more difficult for these websites to be shut down, a single home computer is used for only 10 minutes to host a site. After 10 minutes, the IP address of the website is changed to a different home computer... more

The Risk of Descriptive Subdomains: Are We Revealing Too Much?

Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more

More Problems Crop Up With Universal Acceptance of Top Level Domains

I've often found truth in the famous George Santayana quote, "Those that cannot remember the past are doomed to repeat it." That's an apt warning for what is currently happening - again - with the hundreds of new generic Top Level Domains (gTLDs) that are launching ... and failing to work as expected on the Internet. First, a quick refresher: As most CircleID readers know, in the early 2000s, seven new gTLDs were launched: .AERO, .BIZ, .COOP, .INFO, .MUSEUM, .NAME and .PRO. Aside from Country Code TLDs (ccTLDs), these were the first top-level changes to the DNS since the early days of the Internet. more

Paul Vixie on Fort N.O.C.‘s

I wish to correct several misstatements made by Brock Meeks in his article, "Fort N.O.C.'s", published January 20. I am speaking as an operator of the "F" root name server which was mentioned several times in this story. ..."A" root is not special in any way. Our "F" root server receives updates from an unrelated server called SRS which is operated under contract from the US Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN). These updates are received by all 13 root name servers, with "A" root a peer of the other 12, having no special capability or importance. If any one of these 13 servers (including "A" root) were temporarily unavailable due to a failure or disaster, there would be no noticeable impact on the Internet as a whole. more

.COM and .NET: Thick Or Thin?

The fallout from the failure of RegisterFly has been largely addressed as an issue of regulation and enforcement. ...ICANN has not historically enforced the escrow obligation, and in any case, if a company has failed, who exactly is going to take responsibility for updating the escrowed data? It seems to me that the problems that have arisen as a result of RegisterFly's collapse have more to do with the design of the "shared registry system" for the .COM and .NET TLDs than they do with ICANN's failure to enforce the RAA. more

SiteFinder vs. Engineers: Our Mistake Is Ignorance

We, as the Internet engineering community, have made a great mistake. Actually, it wasn't even one large mistake, but a series of small ones. Engineers are busy people, and most of us work under the constraints of the organizational entities we serve (be it ISPs, non-internet corporates, or even non-profits). Few of us have time for politics; even fewer have the desire and motivation for politics, and those of us who do try usually end up facing a brick wall of stubbornness, lack of understanding of the underlying technical issues, or just a deaf ear. more

Internet Drug Traffic, Service Providers and Intellectual Property

You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. more

Can TCP/IP Survive?

The following article is an excerpt from the recently released Internet Analysis Report 2004 - Protocols and Governance. Full details of the argument for protocol reform can be found at 'Internet Mark 2 Project' website, where a copy of the Executive Summary can be downloaded free of charge. ..."In releasing this section for comment, I would like to point out that the report's conclusions are based on a cumulative examination of various protocols and systems. We are at a point of time where other protocols and systems are equally problematic -- the report points to some significant problems with DNS structure and scalability, and also points out that, to all intents and purposes, the basic email protocol, SMTP, is broken and needs immediate replacement." more

6 Ways to Strengthen DNS Security

The domain name system (DNS) grew to prominence during the initial, innocent days of the internet. During that time, early internet users tended to work for government or education organizations where trust was assumed, and security was not even a consideration. Since the online community was small and the internet was sparsely used, the importance of DNS was not widely understood, and as a consequence, left undefended. more

Email Address Forgery

In my roles as postmaster at CAUCE (the Coalition Against Unsolicited Commercial E-mail) and abuse.net, I get a lot of baffled and outraged mail from people who have discovered that someone is sending out spam, often pornographic spam, with their return address on the From: line. "How can they do that? How do I make them stop?'' The short answers are "easily'' and "it's nearly impossible.'' more

Internet Attacks Against Georgian Websites

In the last days, news and government web sites in Georgia suffered DDoS attacks. While these attacks seem to affect the Georgian Internet, it is still there... Up to the Estonian war, such attacks would be called "hacker enthusiast attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a political nature seems to get the "information warfare" tag. When 300 Lithuanian web sites were defaced last month, "cyber war" was the buzzword. Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine... more

Sorry, Not Sorry: WHOIS Data Must Remain Public

In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more

AFNIC and DNS Server Redelegation

As an American, I could go for the ignorant stereotyping of the French. But being the good global citizen I try to be, I'll just see if someone can tell me if I'm missing something here, or if indeed AFNIC has lost its mind. I recently requested for one of my .FR domains to be delegated to new DNS servers. I got everything set up at my new DNS provider. But, AFNIC won't perform the transfer because of the following "fatal" reason... more

What Are the Connections to Identified Hafnium Malicious IP Addresses?

Cyber attackers are very skilled at infiltration. They'd find ways into a house through cracks and holes that the homeowner doesn't know about. Analogically speaking, that's what the new cyber attack group dubbed "Hafnium" did when they identified several zero-day Microsoft Exchange vulnerabilities to get into target networks. With thousands of users for every Microsoft Exchange server, the attack has far-reaching implications. First, it establishes the presence of a new threat actor group in town. What else could they be up to? more

ICANN Complaint System Easily Gamed

ICANN's WDPRS system has been defeated. The system is intended to remove or correct fraudulently registered domains, but it does not work anymore. Yesterday I submitted a memo to the leadership of the ICANN At-Large Advisory Committee (ALAC) and the greater At-Large community. The memo concerns the details of a 214-day saga of complaints about a single domain used for trafficking opioids. more