Spammers snap up 6,000 Russian domains

As domains move back to '.ru'.

Spammers are increasing the use of Russian domain registrars for their various spam campaigns with up to 600 domains registered at once.

M86 Security's detection of a continuous stream of newly registered .ru domains in spam email has revealed that one third of all unique domains seen in spam are .ru domains.

Almost all of the .ru domains are registered through two registrars, Naunet and Reg.ru (also known as NAUNET-REG-RIPN and REGRU-REG-RIPN), with spammers generally advertising each domain for only a couple of hours and registering new ones all the time.

M86 said that in the last month from spam alone, it has seen over 4,000 .ru domains registered through Naunet. These are hosting a variety of spam web sites including ultimate replica, Dr Maxman, online casinos, via grow, and Eurosoft software.

Although the spammed websites are generally non-malicious, as they do not try to exploit vulnerabilities on the visitor's machine, M86 said that it has seen domains registered with both of these registrars used as controllers for the Zeus crimeware kit, and that Naunet was recently used to register domains used as control servers for the Asprox botnet, although these were done on a much smaller scale than the spam domains.

Several anti-spam groups have already identified these registrars as the source of Russian spam domains and noted that they often ignore requests to suspend illegal domains.

Talking to SC Magazine, Bradley Anstis, VP technical strategy at M86 Security, said that in the past spammers used Russian registrars, but have moved their domains from country to country as each government promises to crack down on the phenomenon.

He said: “So over a period of time it has all gone back to Russia again, the regulators in Russia are saying 'we have these rules' but they are not enforcing them. We can see a domain registrar where you register 600 domains at once. Why would any commercial organisation want to register 600 domains at once?

“In the last two weeks we have seen about 6,000 domains registered by two registrars, and these two domain registrars seem to be the problem. It is back to the old days of trying to chase the registrars and trying to get the regulators to start enforcing their own policy.”

See original article on scmagazineus.com

Copyright © SC Magazine, US edition