Sharp Increase in Top Level Domain Exploitation, APWG Researchers

A survey called "Global phishing Survey: Domain Name Use and Trends in 1H2008", carried out by Greg Aaron of Afilias and Rod Rasmussen of Internet Identity, revealed that notorious phishing gangs are increasingly abusing explicit Top Level Domains (TLDs).

The two researchers for Anti-Phishing Working Group (APWG) surveyed about 47,324 distinct phishing sites, hosting on 26,678 distinct domain names. The survey was focused at judging the frequency of phishing across the TLDs, where the number of phishing assaults per 10,000 domains was measured.

.hk (Hong Kong) was found to be the top TLD, bearing 142.1 phishing attacks per 10,000 domains, followed by .th (Thailand) facing 43.1 attacks.

Futher, .su (Soviet Union), .ru (Russia) and .fr (France) stood third, fifth and tenth, respectively in the TLD category. The major reason for the higher rankings of these domains is that phishers are hitting these TLDs extensively through sub-domain hosting services.

The excessive use of sub-domain registration services by the cyber criminals is opening a big world of terror to the Internet. Also, these services have diversified business outlines and controls, and operate outside the range of Internet Corporation for Assigned Names and Numbers (ICANN) or any other recognized authority and domain registries. Due to this reason, they are serving as safe grounds for the phishers and adversely effects the reputation of a Top Level Domain or registrar, which does not have any control over their activities.

Mr. Rasmussen, Co-Chair of the Internet Policy Committee of APWG, phishers are fast shifting from fixed IP-based URLs to domain-based URLs, as reported by TheEarthTimes on November 24, 2008.

He further stated that many of these phishing sites are present on the compromised servers that hold good name among the users. Meanwhile, others are staying on bogus registered domain names, which are backed by botnets and other similar discarded resources.

The efforts to improve the condition seem ineffective as nobody wants to suspend an innocent and legitimate domain name whereas blocking the botnet-hosting domains is the only solution to stop such incidents, added Mr. Rasmussen.

Related article: Survey Finds 96% Zombie PCs in Malaysia

» SPAMfighter News - 12/12/2008