07 October 2014

ICANN Follies, New gTLD Domain Names, New Security Threats

As a result of ICANN's New Generic Top Level Domains (new gTLDs), being rolled-out, new security threats are increasingly being reported--

Recently introduced TLDs create new opportunities for criminals | CSO Online: Sep 22, 2014 "...The [new g]TLDs ... [have] become a goldmine for criminals, who can often bypass network defenses guarding against phishing and C&C communications by using a domain that's outside of the norm. According to researchers at Malwarebytes, many of the newly released TLDs have been linked to various malicious activities on the Web in the last 60-days, including malware propagation and phishing. Some of the [new g]TLDs that were singled out include .pictures, .club, .xyz, .email, .company, .directory, .support, and .consulting... many of them were properly registered. However, the web servers they're pointed at were compromised. Many of the compromised servers were being used to propagate the Angler Exploit Kit. The Angler kit targets vulnerable Internet Explorer browsers, Java installations, and Adobe products. It's also known to attempt an infection without writing the malware to the system's drive, leaving the code running in memory. Angler mostly installs Zeus-based malware, targeting authentication credentials and financial data. At the same time, it's able to deliver any payload available depending on the campaign. Earlier this year, it was linked to a massive phishing campaign, which compromised more than 46,000 systems...." (read more at link above, emphasis added)

https://yourfakebank.support -- TLD confusion starts! - Internet Security | SANS ISC: Sep 16 2014 "Phishing emails per se are nothing new. But it appears that URLs like... [looks similar to this: hxxps://url-bofa.support/BankofAmerica.com] in the phishing email... have a higher success rate with users. I suspect this is due to the fact that the shown URL "looks different", but actually matches the linked URL, so the old common "wisdom" of hovering the mouse pointer over the link to look for links pointing to odd places .. won't help here. But wait, there's more! Since the crooks in this case own the [new gTLD] domain [name], and obviously trivially can pass the so-called "domain control validation" employed by some CA's, they actually managed to obtain a real, valid SSL certificate!..." (read more at the link above, emphasis added)

ICANN's Fresh Top Level Domains: a Gift to Phishers - Infosecurity Magazine: 18 Sep 2014 "... “Pretty much ever since TLD .biz went online a couple years ago, and the only ones buying domains in this space were the scammers, we kinda knew what would happen when ICANN's latest folly and money-grab went live,” SANS researchers said in a bulletin. It looks like a number of the new top-level domains, like .support", .club, etc. have now come online. And again, it seems like only the crooks are buying.”...." (read more at link above, emphasis added)

more news links below (on mobile go to web version link below)

expVC.com Domain Name News Archive

expVC.com on Twitter