Keeping the Heat on Registrars

 
 
By Matthew Hines  |  Posted 2009-02-10 Email Print this article Print
 
 
 
 
 
 
 

With all the negativity to reflect upon in the world of IT security these days, there has been a pretty cool trend emerging over the last year or two as grassroots researchers have experienced greater success in calling out online miscreants in public and then seeing those organizations snap-to or go under.

Witness the successful effort to take down notorious hosting provider McColo last November as proof - it does seem like the people can and will be heard on matters of security when they can find the right constituencies to speak to, and when they have the right things to say.

KnujOn, a research effort aimed at stemming the tide of spam and e-mail-borne malware attacks, is one of the parties who have had some success to that end, specifically in shining a light on some of the Internet's least ethical registrars.

The research project published its first list of nefarious registrars in May 2008, identifying a top ten list of companies who it said were making it possible for much of the world's spam, malware and infected Web sites to flourish. Since that time, eight of the companies noted in the report have either been ordered to clean up their acts by ICANN, made commitments to better police their customers or mysteriously begun eliminating badware sites from their customer rolls.

Given, two others have not, but, KnujOn has proven that it is undoubtedly making some progress, even if the bad guys are merely finding new hosts for their businesses. Sooner or later, something will have to give if the pressure is continually increased where it can be, on the registrars who ultimately answer to ICANN.

All that said, KnujOn has published a new top ten list of the world's most notorious registrars. The group estimates that a resounding 83 percent of all badware sites it can find worldwide are somehow propped up by the registrars listed. Unfortunately, the leading registrar named in the rankings is the same that topped the May list, China-based XIN NET. The number two registrar, eNom, is the only other holdover, and has apparently only become more culpable in moving its way up from the lower end of the rankings in May.

Time will tell if the newest list has the same effect as the last one, but calling out the included companies for supporting a good deal of the world's cybercrime infrastructure certainly can't hurt at all.

According to KnujOn, the world's top ten most unsavory registrars currently are:

-XIN NET

-eNom

-Network Solutions

-Register.com

-PLANETONLINE

-RegTime

-OnlineNIC

-SpotDomains

-Wild West

-HICHINA Web Solutions

As many of the companies included on the initial list claimed that they were merely unaware that they were being used as proxies for cybercrime, KnujOn researchers said that publishing the list is a truly effective manner of effecting change since it allows the firms involved to change their policies and improve their overall standing.

"We believe this is a question of effective controls and good policy. Registrars may lack adequate abuse staff or awareness of the problem. Some simply do not know who their bad customers are. It is important to understand that these problems can be fixed!" the group said in a post to its blog site.

Prior to issuing the report, KnujOn said that it directly contacted each company to inform them of their inclusion, and tell them where they're having problems, such as by highlighting problematic customers that they support.

Let's hope that we see the same results as last go round.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel