ICANN pulls plug on registrar favoured by cyber crooks

Posted by   Virus Bulletin on   Nov 14, 2008

After a week's stay of execution, ICANN decides EstDomains will be terminated.

ICANN, the organization responsible for managing the assignment of domain names and IP addresses, has announced it will pull the plug on Estonian domain registrar EstDomains - long known to be favoured by cybercriminals for their domain registrations - on 24 November.

In an official letter dated 28 October, ICANN advised EstDomains that the official ICANN Registration Accreditation Agreement with the company would be terminated on 12 November 2008, citing company president Vladimir Tsastsin's conviction of credit card fraud, money laundering and document forgery as the reason for the termination. However, following a response from EstDomains on 29 October, advising the ICANN that Tsastsin had resigned from his post prior to his conviction and had since been replaced - thus appealing to ICANN to reconsider the termination of the agreement, ICANN put the process on hold in order to carry out an investigation.

ICANN has now announced that the termination of EstDomains' ICANN accreditation is to go ahead on 24 November and the organization is now seeking expressions of interest from other registrars to receive a bulk transfer of the domain names managed by the struck-off registrar.

Experts estimate that tens of thousands of malicious domains have been registered through EstDomains including sites used in drive-by-downloads, botnet command-and-control servers, spammed domains and so on.

Posted on 14 November 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.