

The darksides domains

Thursday, September 4, 2008 at 1:28pm by Archive

Inspired by Igor’s post (and whilst Terry is dancing in doorways) I’ve taken some time out from my current project and beaten a path through the tangled web of service providers, registrars, resellers and registrants of the domain name system supporting the darker side of the web.

This investigation originally started when Garth from Knujon pointed out that Directi have some shill registrars on their books (whilst I was enjoying the Kaiser Chiefs @ Rock en Seine in Paris, no less). I then read Brian Krebs' post about Atrivo being one of the best known dangerous networks around. He finished with a teaser note about ESTDomains. So, guessing what's coming next, I'm going to jump over the inter-networking gymnastics that bind EST to Atrivo/Intercage/(cernel|inhoster)/etc., privacy services and others, start at the far end of the story, expose a secret about a not-so-little Indian company called Directi, and shine a light on the almost invisible but vital service that powers the domain registration core of the largest group(s) of bad actors on the web today.

Let me provide some bullet points about the Directi Group of companies to get you up to speed.

  • Directi are a privately owned Indian company with a reported turnover in excess of $300M USD.
  • Directi own LogicBoxes, the maker of a product used to manage the registrar relationship with registries.
  • Directi own the reseller Resellerclub.com and the registrar Answerable.com, amongst others.
  • Directi own skenzo.com, a domain typosquatting monetization service.
  • Directi's LogicBoxes is responsible for over 3.5M domains and about 45K resellers across 50+ ICANN-accredited registrars.
  • LogicBoxes has no acceptable use policy (AUP) for their service.

That last point is the weak link in the chain. Directi's LogicBoxes provides domain registration automation services under contract but without an AUP, and to organisations that have an unholy tie to organised crime at that.

LogicBoxes is a software product or turnkey ASP solution, but some simple tests (that I'm deliberately withholding for now) prove that it's software combined with a backend service, and Directi are involved at every stage of the game via its service layer even though, on the face of it, they aren't.

(If you don't understand the cat's cradle of knotted string that holds the domain name registration system together then blame John Levine, as he has admitted it's all his fault and this slide explains it all, "apparently" ;) ).

So on to the murky world of registrars also being resellers, and why:
ESTDomains and Dynamic Dolphin, to name but a few, are huge Directi resellers and, as ICANN-accredited registrars, customers of LogicBoxes too. But as Garth's and Brian's posts show, there are also many other "shill" registrars and unanswered questions. Between them they provide a disproportionate number of domains used for illegal activities, and most have a path back to Directi's LogicBoxes service. I'd estimate the total to be north of 100,000 domains by now, covering everything from social networking spam through illegal pharmaceutical supply to botnet command and control.

There is a metric truckload of publicly available evidence. Anyone who still doubts the darkness of their hats should take a look at the URIBL listings for the last 5 days for ESTDomains. All the linked domains are sites you do not want to click, as they host spam landing pages, fake anti-malware and porn with fake codecs, amongst other things. Why on earth a legitimate registrar would not monitor URIBL's published information and act on it is completely beyond me.
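As an added illustration of the monitoring the post says a registrar should be doing (this is example code written for this page, not code from the original post or from any registrar's tooling), the following Python script takes a list of domains a registrar is responsible for and checks each against URIBL's multi list over DNS. URIBL answers a listed name with a 127.0.0.x address whose last octet is a bitmask of the lists that hit; the bit values used here (2 black, 4 grey, 8 red, and 1 meaning the query was refused) are assumed to follow URIBL's published scheme for multi.uribl.com and should be checked against current documentation. The resolver is injectable, so the demo at the bottom runs offline against a constructed answer table; the domain names and answers there are constructed, not real listings.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional

URIBL_ZONE = "multi.uribl.com"
# Meaning of the bits in the last octet of a 127.0.0.x answer.
# Assumed here to follow URIBL's published scheme for multi.uribl.com.
URIBL_BITS = {2: "black", 4: "grey", 8: "red"}

# A resolver maps a query name to an A record string, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def registrable_name(host: str) -> str:
    """Reduce a hostname to the name URIBL would list.

    Toy rule: keep the last two labels. That is wrong for ccSLDs such as
    example.co.uk; a real tool should use the public suffix list.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def decode_answer(answer: Optional[str]) -> List[str]:
    """Turn a URIBL A-record answer into the names of the lists it encodes."""
    if answer is None:
        return []  # NXDOMAIN: not listed
    addr = ipaddress.IPv4Address(answer)
    if not addr.is_loopback:
        raise ValueError(f"unexpected non-loopback answer {answer}")
    code = int(addr) & 0xFF
    if code == 1:
        # URIBL signals a refused query (e.g. an over-quota resolver) this way;
        # treat it as an error rather than silently reporting "clean".
        raise RuntimeError("URIBL refused the query (127.0.0.1)")
    return [name for bit, name in URIBL_BITS.items() if code & bit]


def system_resolver(qname: str) -> Optional[str]:
    """Real lookup through the host's resolver (needs network access)."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None


def check_portfolio(domains: Iterable[str],
                    resolver: Resolver = system_resolver) -> Dict[str, List[str]]:
    """Return {registrable_name: [lists it appears on]} for each domain."""
    report: Dict[str, List[str]] = {}
    for host in domains:
        name = registrable_name(host)
        if name not in report:  # hosts under one domain need one lookup
            report[name] = decode_answer(resolver(f"{name}.{URIBL_ZONE}"))
    return report


def listed_only(report: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Filter a report down to the domains an abuse desk should act on."""
    return {name: lists for name, lists in report.items() if lists}


# Constructed answer table standing in for live DNS, so the demo runs offline.
FAKE_ANSWERS = {
    "pills-landing.example.multi.uribl.com": "127.0.0.14",  # black+grey+red
    "newish-site.example.multi.uribl.com": "127.0.0.4",     # grey only
}


def fake_resolver(qname: str) -> Optional[str]:
    return FAKE_ANSWERS.get(qname)


if __name__ == "__main__":
    portfolio = ["www.pills-landing.example", "newish-site.example", "clean-shop.example"]
    for name, lists in listed_only(check_portfolio(portfolio, fake_resolver)).items():
        print(f"{name}: listed on {', '.join(lists)}")
```

Swap `fake_resolver` for `system_resolver` to run it against live DNS; URIBL rate-limits public resolvers, so a registrar-scale sweep needs a dedicated resolver or a data feed, and a refused query is raised rather than counted as clean for exactly that reason.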

ICANN don't help the situation by accrediting registrars without a verifiable legitimate address and well-publicised, working contacts. We have procurement and vendor qualification processes that are a real pain sometimes but excellent IMHO; I'll ask someone to send them a copy ;)

Our friends at Spamhaus have plenty to say about ESTDomains too, on many listings; take a look at their nameserver listings for starters: SBL53320 and SBL53319. Searching ROKSO will reveal a whole lot more. As for Atrivo, it's a rat's nest of issues, a rat's nest that would do well to fall off the internet. For more information on the internet gymnastics I jumped over, take a look at this great PDF from hostexploit.com. Keep in mind, though, that some of the feeder transit networks may be owned or run by the same gang and just exist for redundancy.

The ESTDomains-registered domains that I've investigated first hand have generally fallen into two camps: one where EST is the registrar directly, and one where PublicDomainRegistry is mentioned in the whois, the latter being the "shill", sorry, I mean "white-labeled registrar", for the previously mentioned Directi company "resellerclub dot com". The fact that PrivacyProtect.org is Directi's whois privacy service (pasted from here) for resellers just makes matters worse.
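To show the triage the post describes, sorting a registrar's domains into the "EST is the registrar" camp and the "PublicDomainRegistry plus PrivacyProtect.org" camp, here is an added Python example (not code from the post, and not how any registrar or the author actually did it). It parses the key/value lines of a plain-text whois record, assigns the domain to a camp from the registrar field, and notes whether a privacy service masks the registrant. The whois records below are constructed for this example; the field names are the generic ones most registrar whois output uses, and since real records vary, the parser is tolerant of case and spacing and ignores lines without a colon.

```python
import re
from typing import Dict, List

# Registrar and privacy-service names the post discusses. A real triage list
# would be maintained by the abuse desk alongside its other indicators.
SHILL_REGISTRARS = {"publicdomainregistry"}
DIRECT_REGISTRARS = {"estdomains"}
PRIVACY_SERVICES = {"privacyprotect.org", "protectdetails.com"}

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /-]*?)\s*:\s*(.+?)\s*$")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Parse 'Key: Value' whois lines into a dict keyed by lowercase name.

    Keys may repeat (Name Server), so each key maps to a list of values.
    Banner and disclaimer lines without a colon are skipped.
    """
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key = re.sub(r"\s+", " ", m.group(1)).strip().lower()
        fields.setdefault(key, []).append(m.group(2))
    return fields


def _joined(fields: Dict[str, List[str]], *keys: str) -> str:
    """Concatenate the values of several fields for substring matching."""
    return " ".join(v for k in keys for v in fields.get(k, [])).lower()


def classify(fields: Dict[str, List[str]]) -> Dict[str, object]:
    """Assign a parsed record to one of the camps described in the post."""
    registrar = _joined(fields, "registrar", "sponsoring registrar").replace(" ", "")
    contacts = _joined(fields, "registrant name", "registrant organization",
                       "registrant email", "admin email", "registrant")
    privacy = sorted(p for p in PRIVACY_SERVICES if p in contacts)
    if any(r in registrar for r in SHILL_REGISTRARS):
        camp = "reseller via white-labeled registrar"
    elif any(r in registrar for r in DIRECT_REGISTRARS):
        camp = "registrar directly"
    else:
        camp = "other"
    return {
        "domain": (fields.get("domain name") or ["?"])[0].lower(),
        "camp": camp,
        "privacy_service": privacy[0] if privacy else None,
        "name_servers": [ns.lower() for ns in fields.get("name server", [])],
    }


# Constructed whois records (not real registrations), one per camp.
WHOIS_VIA_PDR = """\
Domain Name: PILLS-LANDING.EXAMPLE
Registrar: PublicDomainRegistry.com
Registrant Name: PrivacyProtect.org
Registrant Email: contact@privacyprotect.org
Name Server: NS1.PILLS-LANDING.EXAMPLE
Name Server: NS2.PILLS-LANDING.EXAMPLE
"""

WHOIS_DIRECT = """\
Domain Name: CODEC-PACK.EXAMPLE
Registrar: ESTDOMAINS, INC.
Registrant Name: Domain Admin
Registrant Email: admin@codec-pack.example
Name Server: NS1.CODEC-PACK.EXAMPLE
"""


def triage(records: List[str]) -> List[Dict[str, object]]:
    """Parse and classify a batch of whois records."""
    return [classify(parse_whois(r)) for r in records]


if __name__ == "__main__":
    for result in triage([WHOIS_VIA_PDR, WHOIS_DIRECT]):
        print(result)
```

The name servers are kept in the output because, as the Spamhaus SBL entries the post cites show, shared nameservers are often the quickest way to link one flagged registration to the rest of a portfolio.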

Don't get me wrong, Directi have a clue: register a domain directly with a Directi-owned registrar, break the AUP, and they will act, as any registrar must. I'm specifically talking about the other services they provide to the criminal corners of the web.

It would appear too that the ESTDomains portfolio has had its privacy protection revoked, which is definitely a step in the right direction. (Breaking news this evening from El Reg and Knujon; nice work, guys.) However, these guys move pretty fast, and EST recently moved their privacy needs to their own protectdetails.com domain.

So finally I have to ask those making money by providing the core services, Bhavin Turakhia and Divyank Turakhia from Directi: you clearly know the score, so when will you completely stop supporting the illegal acts of EST, DD and other very obvious darkside entities and kick the bad apples out?

Before anyone from a registry or registrar starts the classic "Smith & Wesson" rant, think about this: "Smith and Wesson" don't sell maps or cars, drive you to the forest, apply your camouflage, help with your ICANN accreditation or load your gun for you ;)


Comments (3)

  • Chris Barton September 8, 2008 6:19AM

    Hi, Thanks for the verbose response. Permit me to comment inline.

    We are extremely surprised to find that you too have made the mistake of publishing frivolous and defamatory statements, without bothering to verify its truthfulness or accuracy.

    I posted some research mostly about EST, some opinion and some links. I welcome further discussion that does not steer away from the point of the post.

    Furthermore, you have completely ignored our challenge (http://blog.directi.com) to the Knujon and Hostexploit reports, which shatters the very basis of their claims. In our blog article, we have provided specific details which will at the minimum, give you strong reason to believe that Directi is being made the scapegoat and is unfairly dragged into this story. The plausible reason for victimizing us, is for the sake of enhancing the story’s sensationalism. Think about it – without implicating the likes of ICANN and Directi, Knujon and Hostexploit’s reports wouldn’t have come anywhere close to the traction and exposure it has received to date.

    Sorry I didn’t ignore it. The post was written the day before your response. We had a few hours of internal delays posting it as the editor is in the USA and I’m in the UK.

    Yes, Knujon shook the big tree. He might not have been 100% correct first time but he has highlighted a number of good points that were interesting. In fact my first email response to him was in your defense (in a registrar capacity), whilst I was at that concert. I did my own research at a tangent into the supply chain and the LogicBoxes setup, and discovered for myself how EST's various registration processes worked via your systems. That I'm afraid is not a scapegoat's position.

    I am however glad to see your joint response. I still think there is significantly more work to be done.
    This is a real opportunity to show that you are willing to listen to the community and deal with troublemakers.

    It is unfortunate that you seem to make a false allegation of your own, about LogicBoxes not having an AUP for its service. Well, ever since our inception in 2001, we have a very comprehensive AUP in place, which is duly enforced with every client. A copy of the same will be followed by this post.

    Now that I’d like to see. I couldn’t find one on the LogicBoxes website or via Google (1,2). I did find something about not querying the API too much, and about having a complaints address; however, nothing obvious stated that LogicBoxes could at their discretion terminate a relationship for continued abuse.
    If it were published prominently the community would help out and quote it at abuse@ staff when making complaints.

    If you do have an AUP that covers the LogicBoxes service how come it’s not been used yet? I can still see *new* business spreading downloaders.

    Much to the contrary of what you have written, Directi continues to be one of the most proactive players today in terms of combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so not because we’re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. As a matter of fact, we have a ZERO tolerance policy towards unscrupulous activities, and are therefore extremely shocked by this incident.

    I have recognised that with your in-house registrars this is not in dispute.
    As for making the internet a safer place, let’s be frank for a second and get back to the focus of the post. You guys know the score with ESTDomains and friends but continue to provide them with the service layer for domain management.

    On another note, I request you to understand the limitations registrars and related service providers face in tackling these issues. Despite having a dedicated abuse complaints processing team, it is impossible for us to deploy the necessary resources and expertise to manually authenticate the legal status of each of the 4 million + sponsored domain names. A false positive could lead to a significant loss for an innocent customer, for which we will be squarely responsible. Things get even more difficult when other registrars that use our platform are less sensitive towards their moral responsibilities. Sure – we’d like to pull the plug and permanently close our business with them, but how does one protect the several hundred thousand innocent website owners that also happen to use their services?

    I made no complaint about false data as I did not want to muddy the waters of responsibility further because I clearly realise the issues involved.
    I’m McAfee’s representative for all domain related matters at the APWG so I do understand the limitations of registries in this area; registrars are a different kettle of fish as they have AUPs in their arsenal. In much of this abuse I recognised that Directi are not the registrar, they are only the service platform, and did my best to stress that point. I’m sure you’re aware that this is exactly where AUPs and proactive abuse management come into play. You clearly know what these customers (resellers and registrars) are up to and yet you let them continue to be new business, so you can appreciate why the community want to progress this matter further.

    Please don’t suggest that domains on bad guys’ accounts that have not had complaints are fine. Given that you appear to use an infinite reseller model I assume you can see every individual customer account too. The Internet community is not going to fuel your abuse operations, just the reactive abuse operations.

    [Readers - do not visit the domains in the next paragraph]
    Some examples if I may: If you get a complaint about silafine .com (domain created yesterday) for hosting some malware you need to look at the other domains on the account too (I’m betting on zowidicen ytujezuruwa orelilukaryd takeworiwu .com being related somehow), rinse and repeat, and ding the reseller/registrar for repeatedly not paying attention too. Thankfully your abuse ops took down the backend for this scam on request, and here is the proof of the pudding: they moved to another domain owned by the same guy “seodancer@gmail.com”, who also owns malware-scan.com and spyshredderscanner.com on a different reseller and probably 100 others too, but you have previously suspended powerantivirus .net but not the others, including powerantivirus .cc that was registered at the same time?

    I would also sincerely request you to ensure that in the future when referencing reports of this nature, you extend to the subject, an opportunity to confirm the facts.

    We’ll also be glad to clarify your doubts on the above mentioned facts, over a conference call. If you’d like that, do provide us with an appropriate time and number on which you can be reached.

    I’m clearly an advocate here and I don’t doubt the content of my post, but of course I’m willing to discuss the points raised and I’m more than willing to help if you’re taking action.
    I’ve left you a message with my direct contact details with your assistant.

    Directi’s anti abuse staff also have an invite to the next APWG meeting (Wed/Thur sessions). It’s a great place to discover what the criminals are actually doing and press the flesh with those fighting cybercrime.

    Some of the reputation damage that has been caused as a result of this incident is probably beyond repair. However, I do hope to receive your full support in taking remedial actions for the sake of limiting this damage, and for fulfilling a moral responsibility.

    I’m inclined to disagree here too. It’s an opportunity to flex that AUP and show your fortitude to protect the online community. Also you really shouldn’t be worried about reputation if you are confident your process is adequately dealing with situations created by black-hat customers before they get to this stage. Acting on the perpetrators will do more good for your reputation in the long run than acting on individual domain complaints.

  • vert September 5, 2008 7:11PM

    …(and whilst Terry is dancing in doorways) …
    Rotflmao!!! ;-)

  • Sandeep Ramchandani September 5, 2008 5:12AM

    Dear Chris,

    We are extremely surprised to find that you too have made the mistake of publishing frivolous and defamatory statements, without bothering to verify their truthfulness or accuracy.

    Furthermore, you have completely ignored our challenge (http://blog.directi.com) to the Knujon and Hostexploit reports, which shatters the very basis of their claims. In our blog article, we have provided specific details which will at the minimum give you strong reason to believe that Directi is being made the scapegoat and is unfairly dragged into this story. The plausible reason for victimizing us is for the sake of enhancing the story’s sensationalism. Think about it – without implicating the likes of ICANN and Directi, Knujon and Hostexploit’s reports wouldn’t have come anywhere close to the traction and exposure they have received to date.

    It is unfortunate that you seem to make a false allegation of your own, about LogicBoxes not having an AUP for its service. Well, ever since our inception in 2001, we have a very comprehensive AUP in place, which is duly enforced with every client. A copy of the same will be followed by this post.

    Much to the contrary of what you have written, Directi continues to be one of the most proactive players today in terms of combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so not because we’re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. As a matter of fact, we have a ZERO tolerance policy towards unscrupulous activities, and are therefore extremely shocked by this incident.

    On another note, I request you to understand the limitations registrars and related service providers face in tackling these issues. Despite having a dedicated abuse complaints processing team, it is impossible for us to deploy the necessary resources and expertise to manually authenticate the legal status of each of the 4 million + sponsored domain names. A false positive could lead to a significant loss for an innocent customer, for which we will be squarely responsible. Things get even more difficult when other registrars that use our platform are less sensitive towards their moral responsibilities. Sure – we’d like to pull the plug and permanently close our business with them, but how does one protect the several hundred thousand innocent website owners that also happen to use their services?

    I would also sincerely request you to ensure that in the future when referencing reports of this nature, you extend to the subject, an opportunity to confirm the facts.

    We’ll also be glad to clarify your doubts on the above mentioned facts, over a conference call. If you’d like that, do provide us with an appropriate time and number on which you can be reached.

    Some of the reputation damage that has been caused as a result of this incident is probably beyond repair. However, I do hope to receive your full support in taking remedial actions for the sake of limiting this damage, and for fulfilling a moral responsibility.

    Best Regards,

    Sandeep Ramchandani
    Strategic Partner Manager – The Directi Group
    Tel : +1 (832) 295 1535 Extn: 7624
    Fax : +1 (904) 369 0153