Chinese registrars need rap on knuckles, expert says
A computer security expert is calling for action against two Chinese companies that he and other analysts allege are facilitating spam and cybercrime on the Internet.
Both of the companies, eName (http://www.ename.com/) and Xin Net Technology (http://xinnet.com/), are domain name registrars. They sell domain names and the corresponding registration services that allow a Web site to be found on the Internet, said Gary Warner, director of research in computer forensics at the University of Alabama's computer and information sciences department.
Warner, who runs a research project dedicated to tracking trends in spam, said both companies accept domain name registrations from bad actors who can be traced to illegal activity and spam.
Xin Net came in at the top spot on a list of the most abused registrars released earlier this year by KnujOn, an organization dedicated to fighting spam. It garnered the same rank last year.
From June 2008 through February, KnujOn said it found 34,283 illicit domains linked to Xin Net, covering unregulated prescription drugs, pirate software and counterfeit consumer goods.
EName has allowed registration of Web sites selling software that purportedly allows users to spy on other people's SMS messages, Warner said. The company also allows the registration of domains names that are hosted on botnets, or networks of computers that have been infected with malicious software.
Some Web sites hosting malware and registered through eName have been active for as long as 150 days, Warner said. That's an extraordinarily long amount of time given how most good registrars and hosting companies act much faster to take harmful Web sites off the Web.
Registrars also have the power to permanently render a domain name useless, which in some cases is necessary to decapitate Web sites that are frauds or engaged in illegal activity. That means that fraudster will have to register another, different domain name to continue running a fraud site, which increases their costs.
With eName, "we are seeing an absolute refusal to cooperate with any legitimate form of an abuse complaint," Warner said. Xin Net will take minor action when pressed with a complaint, he said.
For example, Xin Net might excise one domain name from its database if that domain can be definitively linked with spam, Warner said. But spammers often register hundreds of domain names at a time so they can switch quickly to a different name if one gets shut down.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
icann
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
