Blocking domain won't stop spam, Google warned
By Nicole Kobie
Posted on 11 Jul 2011 at 10:14
Google's move to block malware by dumping ".co.cc" domains is a "short-term band-aid solution", according to one security firm.
Last week, Google blocked the entire .co.cc domain, saying its 11 million sites were predominantly malware and spam.
TrendMicro has warned that cyber criminals have already moved on from the .co.cc second-level domain (SLD), leaving real businesses on that address out of luck.
As a means to protect users, we do not think this is a good solution
"Based on our research and monitoring of malicious domains and cybercrime activity, we know for a fact that all major cybercriminals have already moved from .co.cc to other similarly abused SLDs like .rr.nu or .co.tv," said Martin Roesler, director of threat research, in a post on the TrendLabs blog, adding criminals frequently hop from one domain to another.
"As a means to protect users, we do not think this is a good solution," he said.
Instead of blocking an entire block of domains, Google could make a "real and lasting impact" by working more closely with registrars.
"For instance, Google’s massive visibility into the totality of search queries done worldwide can allow it to acquire enough evidence to influence and to put pressure on registrars to pull out SLDs that host malicious activities," he said.
"This is much more effective instead of simply restricting user access to an entire block since we know cybercriminals will just choose to jump SLDs (they are already doing so)," he added. "This also unjustifiably penalises those who are actually using the said SLD for legitimate purposes."
The .co.cc domain isn't a standard SLD, however. It is technically not an officially authorised SLD but a so-called freehost. A Korean firm owns the "co" part on the .cc domain - a top-level domain (TLD) for the Cocos Islands - and gives domain names away for free or very cheaply, making them ideal for spam and malware.
Roesler added that the problem is set to get worse, following the announcement by ICANN that TLDs will be opened up.
"The recent ICANN decision — to add a nearly unlimited number of new top-level domains — will make the problem even more complex in the very near future," he said.
"Add to this the fact that ICANN requires parties interested in becoming a TLD registrar to deposit a certain sum of money in order to get accredited," he added. "Knowing how the cybercriminal mind works, we are pretty sure this is practically an open invitation for cybercrime gangs to launder money while running a completely malicious TLD."
Is your business a social business? For helpful info and tips visit our hub.
I think we will see the end of piracy before we see any dip in the level of spam from dodgy domains.
It is just sad fact that having an open interweb means people can do bad as easily [if not easier] than do good.
I think I would rather try and push treacle up a hill on a sunny day than be responsible for such matters.
By Anonymouse on 11 Jul 2011
I wouldn't want to do it for long, but would quite like to try pushing treacle uphill on a sunny day.
By tirons1 on 11 Jul 2011
You kinky devil :)
By chapelgarth on 11 Jul 2011
- The 5 most interesting UK businesses at SXSW
- Quickest way to upload 1GB? Hop on a train
- Move over Delia: IBM Watson is cooking tonight
- Eric Schmidt on the double-edged smartphone: friend and foe
- Getty joins the race to the bottom
- Hour of Code: five steps to learn how to code
- Sony Xperia Z2 Tablet review: first look
- Sony Xperia Z2 review: first look
- Samsung Galaxy Gear 2 review: first look
- Nokia XL review: first look
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords
- How to deal with a ransomware attack