Register Domain Name - Web Hosting Registration Services

Phishing Gangs Finding New Ways to Exploit Domain Name Registrations to Avoid Detection and Frustrate Takedowns

Tokyo (PRWEB) May 27, 2008 -- APWG researchers at the second annual Counter eCrime Operations Summit (CeCOS II) revealed how the Internet's domain name system is being manipulated to dupe consumers into falling victim to phishing attacks (http://www.apwg.org/reports/APWG_GlobalPhishingSurvey2007.pdf), and to complicate the task of taking down phishing sites. The researchers also found that at least one in five domain names used in phishing (http://www3.nhk.or.jp/news/t10014826071000.html) attacks in 2007 was registered specifically for criminal enterprise.

Surveying more than 51,989 unique domain names and 11,553 IP addresses from a 2007 data archive of phishing-related URLs, Greg Aaron of Afilias and Rod Rasmussen of Internet Identity found at least 10,773 maliciously registered domains, which were created specifically to host counterfeit websites designed to deceive consumers into revealing their personal financial information. Of that sample, 10,515 had their phishes hidden on subdomains or in subdirectories - and few of the domain names themselves contained brand names.

"If the Internet community understands what the phishers have been doing, and why, we can create improved anti-phishing measures," said Greg Aaron, Director of Domain Security at Afilias and visiting research fellow at the APWG. "That will make things safer for Internet users, and harder for the criminals."

As part of their research, the pair created a new index for measuring the relative incidence of phishing in the various top-level domains (TLDs) throughout the world. This index revealed that several country-level domain systems were exploited systematically by phishers over the course of the year. Actions taken by some domain registries to improve their response to phishing had a measurable positive impact on the problem and hence the reputation of their domain name space.

"Domain name registrations made by phishers are a big part of the current problem," said Rod Rasmussen, President of Internet Identity and an APWG industry liaison. "Domain name registries and registrars are in an excellent position to curb that activity, and contribute to overall Internet safety."

Rasmussen and Aaron found several other ways that electronic crime gangs are using domain name registrations and domain name syntax to fool consumers and to make phishing harder to detect. They found a substantial number of phishing sites placed on subdomain registration services, which offer hosting and DNS redirection services under a second-level domain, e.g. "customer_term.service_provider_sld.TLD."

The researchers found some 11,443 subdomain sites/accounts used for phishing, under 448 such domains. The authors concluded, "If we had counted these unique subdomains as "regular" domain names, then these types of domains would represent at least 18% of all domains involved in phishing - a significant percentage." Of the sample, many were created using free subdomain services. Such services are largely automated and operate with limited staffing, and are therefore difficult to reach when a phishing site needs to be removed from the Internet.

Rasmussen and Aaron's survey was completed as project of the APWG's Internet Policy Committee, a volunteer corps of APWG members dedicated to developing original research and analysis to inform industrial and public policy regarding electronic crime. Their report, "Global Phishing Survey: Domain Name Use and Trends in 2007," is available online at: http://www.apwg.org/reports/APWG_GlobalPhishingSurvey2007.pdf

Part of Rasmussen and Aaron's presentation at CeCOS II was broadcast during the NHK network's evening news in Japan on Monday, May 26. Video of that broadcast news segment is available here: http://www3.nhk.or.jp/news/t10014826071000.html

Media Contacts:

APWG Secretary General Peter Cassidy - TEL: +1 617 669 1123 Email: pcassidy@antiphishing.org

APWG CeCOS II Coordinator Kana Shinoda - TEL: +81 70 6643 0539 Email: kana@antiphishing.org

About the APWG: The APWG, founded in 2003 as the Anti-Phishing Working Group, is an industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies and government agencies participating in the APWG and more than 3,000 members. The APWG's Web site (www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.

APWG's corporate sponsors include: 8e6 Technologies, AT&T (T), Able NV, ActivCard (ACTI), Adobe (ADBE), Afilias Ltd., AhnLab, Anakam, BBN Technologies, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Cisco (CSCO), Clear Search, Cloudmark, Comodo, Corillian (CORI), Cydelity, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Earthlink (ELNK), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye Fortinet, FrontPorch, F-Secure, Grisoft, GeoTrust, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, IOvation, IS3, IT Matrix, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, Panda Software, Phoenix Technologies Inc. (PTEC), Quova, RSA SalesForce, Security (RSAS), SAIC, SecureBrain, Secure Computing (SCUR), S21sec, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, Symantec (SYMC), TDS Telecom, Telefonica (TEF), Trend Micro (TMIC), Tricerion, TriCipher, Tumbleweed Communications (TMWD), SurfControl (SRF.L), Vasco (VDSI), VeriSign (VRSN), Visa, Websense Inc. (WBSN), WholeSecurity, and Yahoo! (YHOO)

###

MORE ARTICLES:

Cheap Domain Names, Hosting & Registration is Easy to Find Now Days
So you have a dream for a web site, an exciting idea or something you want to accomplish on the web Well in order to get started on the exciting Internet you must first find a domain name and hosting provider

Nexx Cuts Price on .com Domain Names Web Host Offers Exceptional Value on Domain Names
Nexx Online Inc., an innovative North American web host and ICANN Accredited domain name registrar, today cut the price of their .com, .net, .org, .info and .biz domain names to only $7.95 per year.

Start Your Home Base Business With A Domain Name And Web Hosting
So you want to start an internet business where you can work at home and make tons of money The first part is easy to do

The dos and don'ts of web hosting and domain names
When you make the decision to start a website for your business, it is a big step. Going from the world of offline business where clients are limited to geographical locations to online where the entire world is a potential client can be overwhelming.

Free Website Hosting Vs. Paid Website Hosting Basics
Web site hosting service companies on the Internet permit the user to make their web site accessible through the World Wide Web. There are huge numbers of companies that offer web space on their server for their customers and also offer Internet connectivity in general in a data center. There can be various types of web site hosting companies. The main classification is the free web site hosting and the paid web site hosting service companies.

Domain Names and Web Hosting
Experienced webmasters know the value of a good and "sticky" domain name. Ever since Google started ranking higher and giving more weight to web sites which use relevant keywords in the domain name. A clear example can be seen after running a quick search using the term "SEO".

Website Domain Name Registration Services from Access IT Solutions
Before you start building a website, choosing the right domain name is an important thing to do. Website domain name registration is necessary to have a website. The names are important because they enable clients or potential customers to know about your business or organization.

Cheap Internet Hosting, Business Web Hosting - Choosing The Right Web Host Package
With literally hundreds of web hosting providers competing for your business, it may be confusing to find the one that's right for your web site. A few key considerations can help you narrow down your choices to the most affordable and best options to meet your personal, professional or business web page needs.

Domain Name and Web Hosting Hell
Does GoDaddy really suck?I am in the process of registering more and more domain names so it seems natural to look for the best pricing deal.Registering multiple domain names can add up quickly, especially if you register both the NoDashVersion.

Internet Domain Registration – Top 10 Most Frequently Asked Questions on Domain Name Registration
Here are the top ten most frequently asked questions regarding on Internet domain name registration:Q1. Which characters are allowed in Internet domain names?A: For normal ASCII domain names, the letters a-z, the numbers 0-9, and one special character, the hyphen or dash "-".

New Review Website for Web Hosting Services Web-Hosting-Info.com Launched
Known for websites such as FaxCompare.com, PBXCompare.com and Email-Marketing-Options.com, Zilker Ventures launches its newest comparison and review website for web hosting services, Web-Hosting-Info.com.

The Advantages Web Hosts Receive By Switching to ASP.NET Reseller Hosting
Many linux hosting resellers might find advantages of changing to a hosting service that sells Windows server hosting over Linux. While Linux is a very popular hosting solution, Windows offers multiple advantages that would benefit a number of customers. For this reason, it can be a very good product for hosts to resell.

DiscountASP.NET Named Best Hosting Service by asp.netPRO Readers for Fourth Consecutive Year
ASP.NET hosting and SQL hosting leader, DiscountASP.NET announces receiving the "Best Hosting Service" award in asp.netPRO Magazine's 2008 Readers' Choice poll, making it the fourth consecutive year to win this prestigious title.

Website-Hosting-Offers.com Launches to Compare Leading Web Hosting Providers for Small Businesses
Website-Hosting-Offers.com announces the launch of a website featuring a select group of top web hosting providers, including reviews and side by side comparisons of all web hosting plans from these providers. Web hosting providers reviewed include Yahoo Web Hosting, 1&1 Web Hosting, iPowerWeb Hosting, and more. Site visitors can get informative web hosting reviews and articles that cater to everyone from beginning website builders to more experienced small business owners upgrading to a new web hosting plan.

The Steps Of Web Hosting Domain Registration
For the many millions of people who have decided to keep pace with the growing popularity of the Internet by launching their own website, they are faced with a variety of decisions necessary to make the most of their online presence. After deciding the nature and content of your website you must then tackle the decisions associated with web hosting domain registration.