Hackers Banned; Shift to Plan B

Monday, July 18, 2011 @ 01:07 PM gHale


Google just banned the .co.cc domain, so cyber criminals are shifting to alternative bulk domain providers, making it harder to block the sites.

At the beginning of the month, Google deindexed all .co.cc websites from its search engine because of the high level of abuse registered under the domain.


The .co.cc second-level domain (SLD) is a bulk domain registration service and had become a favorite for cyber criminals to host their scareware and phishing pages.

Security researchers have not endorsed Google’s decision because the measure does not prevent the abuse and probably hurts more legitimate domain owners than cyber criminals. On top of that, security researchers from Kaspersky said cyber criminals are dropping .co.cc in favor of alternative SLDs like co.cz, uni.cc, and bz.cm.

“Google’s actions may not have been very beneficial. On the one hand, they have removed a huge amount of malicious resources from their resource. On the other hand, they have forced out a lot of legitimate websites,” said Kaspersky Lab expert Eugene Aseev.

“Moreover, as there are many services like co.cc, the cyber criminals will quickly switch over to another service, making the blocking of just one zone completely pointless,” he said.

Having malicious domains spread across several SLDs instead of just one makes them harder to block, not only for Google but also for network administrators who might have prevented access to .co.cc domains from their networks.

Blocking complete access to the domains is much more efficient than removing them from search results, because in most cases the malicious .co.cc domains end up being landing pages or second and third level redirects. This means they didn’t appear in search results in the first place.
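The network-side blocking described above has to cover every bulk zone, not just .co.cc. The following is an added example, not code from the article or from Kaspersky: it flags proxy log entries whose host falls under any of the zones named in the article. The log format, sample hosts and function names are constructed for illustration.

```python
from collections import Counter

# Zones named in the article; a real blocklist holds whatever the admin chose.
BULK_ZONES = {"co.cc", "co.cz", "uni.cc", "bz.cm"}

def normalize(host):
    """Lower-case the host, drop any port and the trailing root dot."""
    host = host.strip().lower()
    if host.startswith("["):      # IPv6 literal, never under a DNS zone
        return ""
    return host.split(":", 1)[0].rstrip(".")

def matching_zone(host, zones=BULK_ZONES):
    """Return the blocked zone the host falls under, or None.
    Matching is on whole labels, so 'evilco.cc' is not under 'co.cc'."""
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

# Constructed sample log, one request per line: "client_ip host path"
SAMPLE_LOG = """\
10.0.0.5 www.example.com /index.html
10.0.0.7 av-scan.CO.CC. /landing
10.0.0.7 a.b.uni.cc:8080 /r?id=1
10.0.0.9 evilco.cc /
10.0.0.9 co.cz.example.org /
10.0.0.5 update.bz.cm /go
"""

def blocked_requests(log_text, zones=BULK_ZONES):
    """Return (client, host, zone) for each request to a blocked zone."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        zone = matching_zone(parts[1], zones)
        if zone:
            hits.append((parts[0], normalize(parts[1]), zone))
    return hits

def hits_per_zone(log_text, zones=BULK_ZONES):
    """Count blocked requests per zone, to see where traffic is shifting."""
    return Counter(zone for _, _, zone in blocked_requests(log_text, zones))

if __name__ == "__main__":
    for client, host, zone in blocked_requests(SAMPLE_LOG):
        print(client, host, zone)
```

A rule that matched only .co.cc would catch one of the three flagged requests in this sample.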


