Phishers Hiding Their URLs in Sub-Domains of Registered Domains

According to researchers at APWG (Anti-Phishing Working Group) on May 26, 2008, malicious users were manipulating the Internet's domain name to deceive end users into falling for phishing scams, and to confound the job of shutting down phishing Websites.

The security experts at APWG also said that in 2007, no less than one in every bunch of five domain names involved in phishing assaults was essentially registered for criminal purposes.

Out of 51,989 distinct domain names as well as 11,553 IP addresses taken from a 2007 database of phishing URLs, the APWG researchers found that at least 10,773 viciously registered domains hosting fake sites were designed to cheat consumers and to get them to reveal personal information. Further, 10,515 maliciously registered domains hid their phishers on sub-domains while a small number of those domains contained names of brand organizations.

Greg Aaron, Director of Domain Security at Afilias, and is also visiting research fellow at the APWG, said that if the community using the Internet understands the activities of phishers and their purposes, it could become much easier to devise enhanced anti-phishing measures. Following that, the Internet could become much safer for its users, at the same time difficult for the miscreants, as reported by PrWeb on May 27, 2008.

Meanwhile, through its phishing index, the APWG revealed how phishers systematically exploited the domain systems of several countries during 2007. However, when a few domain registries took action to respond to the phishing spree, it considerably impacted the problem, and thereby restored the name and position of the space for domain name registrations under those registries.

Rod Rasmussen, President of Internet Identity and APWG industry liaison, said that domain name registration by phishers are creating a big element of the existing problem. Registrars and registries of domain name were an excellent source to restrict that activity while they contributed to the overall safety of the Internet.

The investigators at the group also found as many as 11,443 phishing sites being hosted on 448 domains that provide hosting and DNS redirection facilities of certain inferior form, e.g. customer_term.service_provider_sld.TLD.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 6/7/2008