Tag Archive | "phishing"

ICANN Terminates EstDomains Accreditation

Tags: , , , , , , , ,


Reports on ICANN’s termination of notorious domain name registrar, EstDomains due to fraudulent activities, the Internet oversight agency is now preparing to transfer domain names of its customers to other registrars. "As the result of the de-accreditation of EstDomains, Inc. ICANN is seeking Statements of Interest from ICANN-accredited registrars that are interested in assuming sponsorship of the gTLD names that had been managed by EstDomains," says ICANN’s announcement. EstDomains managed approximately 280,000 domain names.

However the question asked by experts is whether any other registrar would have an interest in inheriting EstDomains questionable domain names. "I don’t think anyone in their right mind is going to want to take on these domain names," said Chris Barton, research scientist for McAfee AVERT Labs. "A registrar would have to be either very reckless or very brazen to consider it."

Updates:
EstDomains Update: Notice of Termination Stayed (ICANN – 10/30/2008)
ICANN delays shutting down spammy Estonian registrar (Network World – 10/30/2008)

ICANN Warns Domain Registrars over Compliance

Tags: , , , , ,


The nonprofit association that oversees Internet addresses says it will sanction two major domain registrars unless they fix flaws in their system for investigating shady Web sites.

The Internet Corporation for Assigned Names and Numbers , known as ICANN, sent formal breach notices Tuesday to two of the registrars that it accredits, giving them 15 days to fix the problem or lose their accreditation. The registrars – Swiss-based Joker.com and Beijing Innovative Linkage Technology Ltd., doing business as DNS.com.cn – lease out about 900,000 Internet addresses, known as domain names.

‘We are sending a message in public … that everyone needs to be vigilant,’ said Paul Levins, ICANN’s vice president for corporate affairs.

ICANN Chief Executive Officer Paul Twomey told United Press International that if the companies lose their accreditation, there is a process for transferring the domains they had leased to other registrars.

‘The registrants will be taken care of,’ he said.

ICANN’s notices are the latest under a crackdown aimed at improving the accuracy of information about who controls domain names and the Web sites based there.

As part of the registration process, those leasing domain names from registrars — the registrants — are required to identify themselves and provide contact information in a huge Internet database at Whois.net.

But spammers and other criminals who use Web pages to sell counterfeit goods, steal identities or propagate malicious software rarely provide accurate Whois information and sometimes do not provide any at all, say Web security specialists.

‘There are some domain registrars who facilitate criminal activities on the Web by turning a blind eye’ to registrants who deliberately provide false or incomplete Whois information, said Garth Bruen of the anti-spam advocacy group KnujOn – ‘no junk’ spelled backward.

He says a hard core of registrars rent most of the domain names that contain the Web sites advertised in spam e-mails — billions of unsolicited messages sent every year, mostly by so-called botnets of personal computers that, unbeknown to their owners, have been taken over by hackers and other cybercriminals.

Earlier this year, Mr. Bruen analyzed millions of spam e-mail messages forwarded by members of the public. He concluded that 90 percent of the Web addresses the spam advertised had been leased by just 20 registrars.

ICANN says that it has no authority to directly target spammers, counterfeiters and other criminals who register domain names and that the registrars it accredits are not required to proactively ensure the accuracy of their registrants’ Whois information. But they are obliged to follow up reports about missing or incorrect Whois data, and the failure of Joker.com and dns.com.cn to do so is what led ICANN to issue the breach notices.

‘The good registrars, which is the vast majority of them, welcome this enforcement,’ said Mr. Levins, adding that a recent audit had found that 850 out of 900 accredited registrars were complying with requirements to get accurate and complete data from registrants.

You can read more at the Washington Times