Introducing Intel(r) vPro(TM) Technology

Advertisement

Manage and protect your PC fleet with Intel(r) vPro(TM) technology.

">
Registry for .asia domain to crack down on phishy sites

The registry for the new .asia top-level domain plans to ban domain names that are consistently used for phishing sites.

Other stories on this topic
Is IT losing the battle against DNS attacks? 7/18/2007
New antiphishing, antispam specifications unveiled 5/24/2007
Product Guide: Spam fighters 4/20/2007
Powered by Inform

DotAsia Organization has agreed to implement a policy to ban domain names associated with phishing, said Laura Mather, of the Anti-Phishing Working Group (APWG), a consortium of companies and government groups that studies phishing. She is also a senior scientist at MarkMonitor.

New! Watch this Network World Webcast - Security Information Management Solutions: Beyond Threat Management

It's the first time that a registry has undertaken such a drastic action to stop the proliferation of fake Web sites designed to dupe people into divulging sensitive personal data. Registries are organizations that oversee technical implementation of top-level domains.

Phishing remains a huge problem despite improvements in security technology. Phishers attract people to their sites by sending links through spam e-mails. The sites, which spoof well-known brands with similar-looking domain names, are usually kicked off the Internet by Internet service providers after they receive reports that a site is fraudulent.

Often, the phisher switches hosting providers using the same domain name and the game repeats.

Phishers are also increasingly using a technique called "fast flux," which is designed to make sure a Web site is always available. Fast flux allows a Web site to resolve to numerous different IP addresses. If one server fails, a person browsing for the site is automatically redirected to another server hosting it.

Phishers are using fast flux with their sites, meaning the site's IP address changes every few minutes, redirecting to countless servers, all of which would have to be taken down. Fast flux makes it very difficult to keep a site off the Internet, turning antiphishing efforts into an endless game of chase.

"This is the weakest link online today in Internet security," wrote Gadi Evron, a security evangelist with Beyond Security. "We need to be able to get rid of domain names."

But if the top-level domain registry takes the domain name out of its system, the site will go down permanently, though there are some technical exceptions. One problem is a feature of the Internet's architecture designed to reduced the burden on nameservers, which match a domain name with its corresponding IP address and enable a Web site to be delivered in a browser.

  

1 | 2 |  Next >

The IDG News Service is a Network World affiliate.
Recent News:
· McColo takedown: Vigilantism or Neighborhood Watch?
· Spam drop could boost Trojan attacks
· Hosting firm shutdown forces botnets to relocate
· ISP cut off from Internet after security concerns
· Spam plummets after hosting service shuttered
Site Map | Recent News | Related Sites

Copyright © 2006 EmailSafety.net - All Rights Reserved.