Blocking domain won't stop spam, Google warned
By Nicole Kobie
Posted on 11 Jul 2011 at 10:14
Google's move to block malware by dumping ".co.cc" domains is a "short-term band-aid solution", according to one security firm.
Last week, Google blocked the entire .co.cc domain, saying its 11 million sites were predominantly malware and spam.
TrendMicro has warned that cyber criminals have already moved on from the .co.cc second-level domain (SLD), leaving real businesses on that address out of luck.
As a means to protect users, we do not think this is a good solution
"Based on our research and monitoring of malicious domains and cybercrime activity, we know for a fact that all major cybercriminals have already moved from .co.cc to other similarly abused SLDs like .rr.nu or .co.tv," said Martin Roesler, director of threat research, in a post on the TrendLabs blog, adding criminals frequently hop from one domain to another.
"As a means to protect users, we do not think this is a good solution," he said.
Instead of blocking an entire block of domains, Google could make a "real and lasting impact" by working more closely with registrars.
"For instance, Google’s massive visibility into the totality of search queries done worldwide can allow it to acquire enough evidence to influence and to put pressure on registrars to pull out SLDs that host malicious activities," he said.
"This is much more effective instead of simply restricting user access to an entire block since we know cybercriminals will just choose to jump SLDs (they are already doing so)," he added. "This also unjustifiably penalises those who are actually using the said SLD for legitimate purposes."
The .co.cc domain isn't a standard SLD, however. It is technically not an officially authorised SLD but a so-called freehost. A Korean firm owns the "co" part on the .cc domain - a top-level domain (TLD) for the Cocos Islands - and gives domain names away for free or very cheaply, making them ideal for spam and malware.
Roesler added that the problem is set to get worse, following the announcement by ICANN that TLDs will be opened up.
"The recent ICANN decision — to add a nearly unlimited number of new top-level domains — will make the problem even more complex in the very near future," he said.
"Add to this the fact that ICANN requires parties interested in becoming a TLD registrar to deposit a certain sum of money in order to get accredited," he added. "Knowing how the cybercriminal mind works, we are pretty sure this is practically an open invitation for cybercrime gangs to launder money while running a completely malicious TLD."
I think we will see the end of piracy before we see any dip in the level of spam from dodgy domains.
It is just sad fact that having an open interweb means people can do bad as easily [if not easier] than do good.
I think I would rather try and push treacle up a hill on a sunny day than be responsible for such matters.
By Anonymouse on 11 Jul 2011
I wouldn't want to do it for long, but would quite like to try pushing treacle uphill on a sunny day.
By tirons1 on 11 Jul 2011
You kinky devil :)
By chapelgarth on 11 Jul 2011
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software