10/29/2008
.tk free domains used for fastflux networks
http://atlas.arbor.net/summary/fastflux
Fastflux hosting is a technique where the nodes in a botnet are used as the endpoints in a website hosting scheme. The DNS records change frequently, often every few minutes, to point to new bots. The actual nodes themselves simply proxy the request back to the central hosting location. This gives the botnet a robust hosting infrastructure. Many different kinds of botnets use fastflux DNS techniques, for malware hosting, for illegal content hosting, for phishing site hosting, and other such activities. These hosts are likely to be infected with some form of malware.
as it is a free domain it would be quite simple (a second work) to just turn off the domain. If it is paid than they still should, if they want their business model to survive. In the mean time it becomes a domain that is a candidate for general blocking.
Longest Lived Domains 
| Domain | Started | Ended | Duration |
|---|---|---|---|
| hao123.com | 2008-05-15 | N/A | 23 weeks 5 days |
| casinogooglewebzone.tk | 2008-06-17 | N/A | 19 weeks |
| efexexpress.tk | 2008-06-17 | N/A | 19 weeks |
| fortune777lounge.tk | 2008-06-17 | N/A | 19 weeks |
| seitensprung-vermittlung2008.tk | 2008-06-17 | N/A | 19 weeks |
| trigat.com | 2008-06-17 | N/A | 19 weeks |
| casinopaintthe-town.tk | 2008-06-18 | N/A | 18 weeks 5 days |
| dagrin.com | 2008-06-19 | N/A | 18 weeks 5 days |
| google-paintthetowncasino.tk | 2008-06-21 | N/A | 18 weeks 3 days |
16:47 | Permalink | Comments (0) | Email this
| 
| 
del.icio.us
|
| 
Digg | 
Facebook
Post a comment