05/19/2009
the .cn domain is in the hands of pirates and malware
The figures for April show that Masiello was right. But they also show something else. Many of the top-level domains (TLDs) in which the spam images are being hosted are registered in China’s .cn domain. This probably is a result of the McColo crackdown, MessageLabs said.
source
This is also the case for the domains of the fast-flux networks, for the domains hosting malware and for the phishing domains.
If you don't need the .cn domain in your environment, or you need only a few domains under it, you should block .cn and whitelist the ones you need, until they clean it up.
They are not a democracy anyway.
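The "block the TLD, whitelist the few you need" rule can be applied at the mail gateway or the proxy. As an added example that is not part of the original post, the Python below applies such a policy to a sender address and to every URL in a message body, and records which hosts triggered the block so the log explains the rejection. The blocked TLD, the allowlisted domain (partner-factory.cn) and the sample message are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed policy for this example (not from the original post): block one
# whole top-level domain, but keep an allowlist of the few domains under it
# that your environment still needs.
BLOCKED_TLDS = {"cn"}
ALLOWLIST = {"partner-factory.cn"}   # constructed placeholder, not a real partner

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def tld_of(host: str) -> str:
    """Last label of a hostname, lowercased ('img.example.com.cn' -> 'cn')."""
    return host.lower().rstrip(".").rsplit(".", 1)[-1]


def decide(host: str) -> str:
    """Return 'allow' or 'block' for one hostname under the TLD policy.

    Hosts outside the blocked TLDs pass. Inside a blocked TLD, only an
    allowlisted domain or one of its subdomains passes.
    """
    host = host.lower().rstrip(".")
    if tld_of(host) not in BLOCKED_TLDS:
        return "allow"
    if any(host == ok or host.endswith("." + ok) for ok in ALLOWLIST):
        return "allow"
    return "block"


def extract_hosts(text: str) -> set:
    """Collect hostnames from every http(s) URL found in a message body."""
    hosts = set()
    for url in URL_RE.findall(text):
        hostname = urlsplit(url).hostname
        if hostname:
            hosts.add(hostname)
    return hosts


def classify_message(sender: str, body: str) -> dict:
    """Apply the policy to the sender's domain and to every URL in the body.

    Returns the verdict plus the hosts that triggered a block, so the
    mail log records why a message was rejected.
    """
    sender_host = sender.rsplit("@", 1)[-1]
    hosts = {sender_host} | extract_hosts(body)
    blocked = sorted(h for h in hosts if decide(h) == "block")
    return {"verdict": "block" if blocked else "allow", "blocked_hosts": blocked}


if __name__ == "__main__":
    # Constructed sample: an image-spam style message whose picture is
    # hosted under the blocked TLD.
    sample = "Great offer! See <http://img.promo-host.cn/offer.jpg> or https://www.example.org/"
    print(classify_message("news@example.org", sample))
```

The allowlist match accepts a listed domain and its subdomains, so a whitelisted partner keeps working while everything else under the TLD is refused; the sender's own domain is checked with the same rule as the links.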
15:40 | Permalink | Comments (0) | Email this
|
|
del.icio.us
|
|
Digg |
Facebook
04/27/2009
the effects of a DNS hijacking
NET Virtua's DNS records reportedly were hijacked on April 11, so that customers who visited any site that ran Google Adsense content were redirected to a site that tried to install and run a Java applet that in turn installed a Trojan horse program.
Globo.com said the attackers also took aim at Bradesco, one of Brazil's largest financial institutions. NET Virtua customers who tried to visit Bradesco.com.br during the four hours the DNS records were hijacked were redirected to a counterfeit version of the site designed to steal customer credentials, the story notes.
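A hijack like the one described above shows up as a resolver returning addresses outside the netblocks a name is known to live in, and as a disagreement between the ISP's resolver and a trusted one. As an added example (not code from the original post or from any of the parties named), the Python below does both checks over constructed data; the names (bank.example, ads.example) and the netblocks are placeholders from the documentation ranges, not real records.

```python
import ipaddress

# Constructed known-good table (placeholder addresses from the documentation
# ranges, not the real records of any site): the netblocks each name is
# allowed to resolve into. In practice this comes from your own records or
# from an authoritative query made over a path you trust.
EXPECTED_NETBLOCKS = {
    "bank.example": ["192.0.2.0/24"],
    "ads.example": ["198.51.100.0/24", "203.0.113.0/25"],
}


def is_expected(name: str, ip: str) -> bool:
    """True when `ip` falls inside one of the netblocks recorded for `name`."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(block) for block in EXPECTED_NETBLOCKS.get(name, []))


def check_answers(answers):
    """Compare (name, ip) answers seen from a resolver with the known-good table.

    Returns a list of findings; an empty list means every answer was in range.
    Names that are not in the table are reported as 'unknown name' rather
    than silently accepted.
    """
    findings = []
    for name, ip in answers:
        if name not in EXPECTED_NETBLOCKS:
            findings.append({"name": name, "ip": ip, "reason": "unknown name"})
        elif not is_expected(name, ip):
            findings.append({"name": name, "ip": ip, "reason": "outside expected netblocks"})
    return findings


def compare_resolvers(isp_answers, trusted_answers):
    """Second check: the ISP resolver and a trusted resolver should agree.

    Both inputs map name -> set of IPs. Returns the names whose answer sets
    differ, which is the symptom a poisoned or hijacked resolver produces.
    """
    return sorted(
        name for name in set(isp_answers) | set(trusted_answers)
        if isp_answers.get(name, set()) != trusted_answers.get(name, set())
    )


if __name__ == "__main__":
    # Constructed observation: the ISP resolver sends bank.example somewhere
    # outside its netblock while the trusted resolver still returns the real one.
    seen = [("bank.example", "192.0.2.10"), ("bank.example", "203.0.113.200"),
            ("ads.example", "198.51.100.7")]
    for finding in check_answers(seen):
        print("ALERT", finding)
    print(compare_resolvers({"bank.example": {"203.0.113.200"}},
                            {"bank.example": {"192.0.2.10"}}))
```

Run the first check against the resolver your users actually use, and the second against a resolver reached over a path the ISP does not control; a four-hour hijack like the one above would trip both within one polling interval.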
13:44 | Permalink | Comments (0) | Email this
04/21/2009
domain registrars: the next weak spot under attack
Earlier today some Turkish defacers broke into the New Zealand based registrar Domainz.net (which belongs to MelbourneIT) and redirected some of their customers' high profile web sites to a third party server with a defaced page. Companies which had their New Zealand web sites defaced include Microsoft, HSBC, Coca-Cola, F-secure, Bitdefender, Sony and Xerox.
The hacked websites carried the messages: "Hacked by Peace Crew", "STOP THE WAR ISRAEL". In addition the crackers inserted a picture of Bill Gates creampie'd on the Microsoft defacements.
http://www.zone-h.org/news/id/4708
They simply used an SQL injection in the management software of the domain registrar to change the IP addresses of the domain names.
WOOOOOWWW
Imagine doing that for a bank or a high-level e-commerce site.
Imagine sending their visitors to a fake security-download site or to a zero-day exploit.
Time to require security certifications from domain registrars BEFORE they can (continue to) sell any domain names online?
Time to lock your domain name so that NO CHANGE at all can be made ONLINE to ANYTHING without confirmation on paper (fax). If you are a high-profile target, you have to treat your domain names as high-security assets, and if you don't have the manpower or knowledge to manage this yourself, you should hire a specialised agency to do it for you.
As with most things in cyberspace, managing things becomes even more important than launching or buying them. People start their projects but don't budget for the permanent management and forget about it.
This may be a whole new business for domain registrars and will make the difference between the amateurs and the professionals.
Because if you click on the listings for the three members of the crew that made the attacks, they are truly high-level hackers that only attack very specific targets and only in a way that gets noticed. They are not "script kiddies" running some automated attack tool.
We have always said that you have to stop automated attacks as far away from your infrastructure as possible (at the router), so that you are able to monitor the targeted attacks by the capable. If they can hide among thousands of scans, you will never see them.
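Two of the points in this post, the SQL injection in the registrar's management software and the registrar lock that refuses online changes without out-of-band confirmation, can be shown in one small change handler. This is an added example in Python with an in-memory SQLite table; it is not the registrar's code and the domains, addresses and the `locked` column are constructed. The unsafe function is kept only as the 'before' of the fix: the hardened one parameterises the query, validates the address and honours the lock.

```python
import ipaddress
import sqlite3


def new_registry() -> sqlite3.Connection:
    """Build a constructed in-memory registrar table with two sample domains.

    `locked` models a registrar lock: while set, no online change is allowed
    until it is confirmed out of band (the paper/fax confirmation proposed above).
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE domains (name TEXT PRIMARY KEY, ip TEXT NOT NULL, locked INTEGER NOT NULL)")
    conn.executemany(
        "INSERT INTO domains VALUES (?, ?, ?)",
        [("bank.example", "192.0.2.10", 1), ("shop.example", "198.51.100.20", 0)],
    )
    conn.commit()
    return conn


def current_ip(conn, name: str):
    """Address currently on record for `name`, or None if the name is unknown."""
    row = conn.execute("SELECT ip FROM domains WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def update_ip_unsafe(conn, name: str, ip: str) -> None:
    """The pattern behind the incident: user input pasted into the SQL text.

    Any quote or comment character in `name` or `ip` becomes part of the
    statement, so the WHERE clause no longer means what the code intends.
    Kept here only as the 'before' of the fix below; do not use it.
    """
    conn.execute(f"UPDATE domains SET ip = '{ip}' WHERE name = '{name}'")


def update_ip(conn, name: str, ip: str, change_confirmed: bool = False) -> int:
    """Hardened change handler.

    1. `ip` must parse as an address (anything else raises ValueError).
    2. The domain must exist; a name containing SQL metacharacters is just a
       string that matches no row, because the query is parameterised.
    3. A locked domain refuses online changes unless `change_confirmed`
       says the out-of-band confirmation happened.
    Returns the number of rows changed (1 on success).
    """
    ipaddress.ip_address(ip)
    row = conn.execute("SELECT locked FROM domains WHERE name = ?", (name,)).fetchone()
    if row is None:
        raise KeyError(f"unknown domain: {name!r}")
    if row[0] and not change_confirmed:
        raise PermissionError(f"{name} is locked: out-of-band confirmation required")
    cur = conn.execute("UPDATE domains SET ip = ? WHERE name = ?", (ip, name))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = new_registry()
    try:
        update_ip(db, "bank.example", "203.0.113.5")
    except PermissionError as err:
        print("refused:", err)
    print("after confirmation:", update_ip(db, "bank.example", "203.0.113.5", change_confirmed=True),
          current_ip(db, "bank.example"))
```

The lock is the part that matters for a high-profile domain: even with the injection fixed, a stolen reseller password would still let someone change the record, whereas a locked domain cannot be moved by any online request at all.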
09:29 | Permalink | Comments (0) | Email this
04/18/2009
how to get malicious domain resellers out of the system
"The end of a long drama that started last summer: Registrar Parava Networks (aka 10-Domains.com) has been terminated by ICANN for failing to address non-compliance of the RAA. Parava first came to our attention while working with LegitScript on a report on Underground Steroid Websites. While conducting our investigation we discovered that Parava had falsified its address."
http://www.knujon.com/news.html
This is normal: a fraudulent or underground-linked business can't have a normal address, because it would make the money trail too obvious (and following the money is what normal police work is all about if you can't get the network information).
The advantage is that you could use simple, self-evident rules like that to push them completely outside the normal online business system. Any mob business has only one goal, which is to infiltrate the normal business network, and this is also the worst nightmare of the online crime fighters: that the mob gets its hold on a domain registrar, an ISP or a complete network. It already had one last year, but the rest of the networks cut all links to it (RBN, for example).
The only problem is that every DNS or domain registrar should check on a permanent basis (or give this job to outside agencies) whether all information is correct, and act if it is not.
14:00 | Permalink | Comments (0) | Email this
04/06/2009
is the Chinese .cn domain being blasted onto blacklists worldwide because of Russian cybercriminals?
In other words, we have see Russkrainians (Russian/Ukrainian cyber criminals) use certain aspects of Chinese culture to falsely implicate Chinese involvement, and vice-versa. There is currently an especially disturbing trend of Russkrainian cyber criminals using Chinese assets (e.g. domain registrations in .CN, etc.) to implicate innocent parties.
http://blog.trendmicro.com/downadkkconfickerc-p2p-port-ge...
The only thing .cn has to do to survive is to set up a cybersecurity center (take some soldiers from the web filters) that can quickly close down new malicious domains and contact legitimate website owners to inform them that they have been attacked, hacked and are being used in cybercrime.
It has always been astonishing that so many .cn domains could be used for so much cybercrime without any of those thousands of official cyber soldiers cleaning up that mess.
Some would call it cyberwar: the official domain of one country is being undermined and blasted onto blacklists because hackers and cybercriminals hijack the domain's reputation.
This could happen to any domain, since one doesn't have to live in the country to register in it.
The .be domain has put such procedures in place and has already implemented them successfully twice in the last months.
10:49 | Permalink | Comments (0) | Email this
03/20/2009
the importance of immediately buying lots of domains
The persons responsible for the website stopkinderporno.be were smart enough to buy their domain name in other international domain extensions, because if they hadn't, they would now have been thrown off the web (or finding them would have become more difficult) after the deactivation of stopkinderporno.be at the root level.
After two successful operations in which a whole list of .be domains were deactivated at the root level because they were being used in a fast-flux phishing operation, this is the first case since then in which it is used during an investigation (nobody has been convicted yet).
Naturally it is all free publicity, and as all the newspapers and media are publishing the new domains, there will be no problem for these people to just go on.
But criminals and grey operations will now see that there is no point in buying a .be domain name for their operations. They could be over and out before they have effectively made their money (and victims).
It is not the location of the server or the headquarters of the firm that counts here, it is the domain extension. The justice department says that it will look into how it could bring those other domains down, but without a trial that will be difficult.... And if the owner were now to buy all other domains and other variations, it would become very difficult. He could also repackage the site as a zip file so it could be copied and distributed like that, or remake it as a blog-style site so it could be reblogged (incorporated) on other blogs. He could also donate the copies with the other domains to organisations in other countries, so the justice department would each time have to contact other people and other local jurisdictions. The technical administration of the site could stay in the same hands; it is the legal ownership that would change.
This is very important for all those new domain extensions that want to be launched after the new liberalisation. In which country will you be based (and under which national law), and what will be the procedure by which you cooperate with the authorities? A security team and a legal team are also needed, unless you can outsource that (a new business here in times of crisis).
10:56 | Permalink | Comments (0) | Email this
02/09/2009
When domain-reselling pyramids come under pressure....
The discussion about a report by master spam fighter KnujOn (who has already helped bring down some big spam networks and services) is not interesting for the listing of the 10 and their responses (both seem more or less right), but for the suggestions in the article, the responses and the comments.
1. First, it is a matter of interpretation how far a registrar should go to verify the contact information in the WHOIS record of the person who wants to buy a domain name. You can check more than just an email address. You can check whether the credit card is authorised for use by this person (stolen, duplicate). You can check whether the address exists on Google Maps. You can require, for example, that the mailbox stays in use during the whole period of ownership. You could set up a script that sends a confirmation email each month and resends one if there is no response. If that doesn't change a thing, then you could redo the whole verification of the information. You could set up an intensive programme like that for any domain or domain owner about which you receive a lot of complaints.
2. These complaints are also difficult to send, because these domain registrars have very expensive spam and security installations for their email system, so all your emails with all the proof of the spam are being blocked as being.... spam.
3. The biggest problem again is the resellers (and the resellers of the resellers of the resellers). This was the same problem with some software installations that were accused of being malware or spyware. They said at the time that it was affiliates that were behaving badly and that they would suspend them. It should be clear that the buck stops with the main owner and that every reseller risks termination if he uses resellers that are not following the rules. Put the stakes high if you want a quick result, and any businessman will think twice before continuing the same practices.
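The monthly confirmation routine sketched in point 1 (send, resend when there is no answer, then redo the whole check) is a small state machine. As an added example that is not part of the original post or of any registrar's system, here it is in Python; the intervals (30 days between confirmations, a resend after 7 silent days, at most 2 resends) and the domain names are assumed settings for the example, not values the post gives.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class ContactRecord:
    """Verification state of one domain's WHOIS contact mailbox (constructed)."""
    domain: str
    last_confirmed: date
    status: str = "verified"        # verified -> pending -> (verified | reverify)
    pending_since: Optional[date] = None
    reminders: int = 0


def step(rec: ContactRecord, today: date, responded: bool = False,
         interval_days: int = 30, resend_after_days: int = 7, max_reminders: int = 2) -> str:
    """Advance one record to `today` and return the action the registrar takes.

    Assumed policy: every `interval_days` a confirmation mail goes out; if
    nobody answers within `resend_after_days` it is resent, at most
    `max_reminders` times; after that the whole contact check is redone
    (status 'reverify'), which is a manual process outside this script.
    """
    if rec.status == "pending":
        if responded:
            rec.status, rec.last_confirmed = "verified", today
            rec.pending_since, rec.reminders = None, 0
            return "confirmed"
        if (today - rec.pending_since).days >= resend_after_days:
            if rec.reminders < max_reminders:
                rec.reminders += 1
                rec.pending_since = today          # restart the silence timer
                return "resend_confirmation"
            rec.status = "reverify"
            return "full_reverification"
        return "wait"
    if rec.status == "verified" and (today - rec.last_confirmed).days >= interval_days:
        rec.status, rec.pending_since, rec.reminders = "pending", today, 0
        return "send_confirmation"
    return "wait"


if __name__ == "__main__":
    # Constructed run: a contact that never answers.
    rec = ContactRecord("shop.example", date(2009, 1, 1))
    for d in (date(2009, 1, 31), date(2009, 2, 7), date(2009, 2, 14), date(2009, 2, 21)):
        print(d, step(rec, d), rec.status)
```

Run `step` once per domain per day from a scheduler; only the 'send' and 'resend' actions generate mail, and a record that reaches 'reverify' stays there until a human has redone the full check, so it cannot silently drop back to 'verified'.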
12:19 | Permalink | Comments (0) | Email this
02/05/2009
list of typosquatting .be domains
- Yaho - Parked at Tuonome
- Jahoo - Parked at Metaregistrar
- Yagoo - Parked at Fastpark
- Yahho - Parked at Domaindiscount24
- Yaoo - Parked at Sedoparking
- Yhaoo - Parked at Tuonome
- Yhoo - Parked at Sedoparking
- Wiikipedia - Parked at Regfish-Ns
- Wikapedia - Parked at Phreneticus
- Wikepedia - Parked at Fusix
- Wikiepedia - Parked at Nlhosting
- Wikipeida - Parked at ns1.hyp.net
- Wikipidia - Parked at Phreneticus
- Wikkipedia - Parked at Silentflame
- Wikpedia - Parked at Eurodns
- Wikpiedia - Parked at ns1.hyp.net
- Wkiipedia - Parked at ns1.hyp.net
- Wkipedia - Parked at Phreneticus
- Mayspace - Parked at Domaindiscount24
- Mispace - Parked at B-One
- Msypace - Parked at ns1.hyp.net
- Mypace - Parked at 1and1
- Mypsace - Parked at ns1.hyp.net
- Mysapce - Parked at ns1.hyp.net
- Myspaces - Parked at Phreneticus
- Myspae - Parked at ns1.hyp.net
- Myspaec - Parked at ns1.hyp.net
- Myspcae - Parked at ns1.hyp.net
- Myspce - Parked at ns1.hyp.net
- Youyube - Parked at Phreneticus
- Yoytube - Parked at Eurodns
- Yputube - Parked at Eurodns
- Yuotube - Parked at Sedoparking
- Yutube - Parked at Fastpark
facebook.be - http://forum.dmfnet.nl/
- Facbeook - Parked at ns1.hyp.net
- Facbook - Parked at B-One
- Facebok - Parked at B-One
- Faceboko - Parked at ns1.hyp.net
- Faceboo - Parked at Fastpark
- Facebooks - Parked at Online
- Facebool - Parked at Fastpark
- Facelook - Parked at Bnamed
- Faceobok - Parked at ns1.hyp.net
- Faceook - Parked at ns1.hyp.net
- Factbook - Parked at Userfull
- Faebook - Parked at ns1.hyp.net
- Faecbook - Parked at ns1.hyp.net
- Fasebook - Parked at Domaincontrol
- Favebook - Parked at Secureserver
- Fcaebook - Parked at ns1.hyp.net
- Fcebook - Parked at ns1.hyp.net
- Skyrok - Parked at Domaincontrol
- Nelog - Parked at Phreneticus
- Neltog - Parked at Trellian
- Netblog - Parked at Sedoparking
- Netlo - Parked at Aligneddns
- Netlof - Parked at Sedoparking
- Netloge - Parked at Trellian
- Netog - Parked at Phreneticus
- Blgger - Parked at ns1.hyp.net
- Blgoger - Parked at ns1.hyp.net
- Blogegr - Parked at ns1.hyp.net
- Bloger - Parked at Sedoparking
- Bloggr - Parked at ns1.hyp.net
- Bloggre - Parked at ns1.hyp.net
- Blogr - Parked at Besite
- Bogger - Parked at ns1.hyp.net
- Bolgger - Parked at ns1.hyp.net
- Lbogger - Parked at ns1.hyp.net
- Skyent - Parked at Phreneticus
- Skyet - Parked at Phreneticus
- Skyjet - Parked at B-One
- Skyney - Parked at Phreneticus
- Skynt - Parked at Fastpark
- Slynet - Parked at Phreneticus
- Synet - Parked at dns.ovh.net
22:15 | Permalink | Comments (0) | Email this
First list of typosquatted .be domains
We have limited ourselves to those that seem most evident; it is up to your lawyers to go further.
Wallonnie - Parked at By011
Walonie - Parked at Sedoparking
Walonnie - Parked at Je-Eigen-Domein
Bruxelle - Parked at Phreneticus
Bruxeles - Parked at Fastpark
Brossel - Parked at Amen
Delaize - Parked at Parkingspa
Delhaise - Parked at Myname
Hkn - Parked at Sedoparking (hln.be)
Hl - Parked at Sedoparking
Hlln - Parked at Myname
Wiitegids - Parked at Parkingspa
Rtfb - Parked at Fastpark
Rtvf - Parked at Sedoparking (typing error)
Googe - Parked at M1be
Googli - Parked at Sedoparking
Googhle - Parked at Sedoparking
Googla - Parked at Sedoparking
Eabay - Parked at Sedoparking
Ebaye - Parked at Parkingspa
Ebays - Parked at Sedoparking
Ebya - Parked at Worldnic
Eby - Parked at Domaincontrol
Ebqy - Parked at ns31894.ovh.net
Ebayy - Parked at Metaregistrar
Ebbay - Parked at Full1
Zatevrienden - Parked at Belgates
Zattenvrienden - Parked at Intoworldwebhostings3
Zattevienden - Parked at Sedoparking
Zattevreinden - Parked at Dahhosting
Zattevrieden - Parked at Intoworldwebhostings3
Zattevriend - Parked at Nlhosting
Zattevriende - Parked at Eurodns
Zattevriendne - Parked at Phreneticus
Zattevrienen - Parked at Fastpark
Zattevrinden - Parked at Intoworldwebhostings3
Zattvrienden - Parked at Fastpark
Zttevrienden - Parked at Sedoparking
Microsot - Parked at Securenetim
Mycrosoft - Parked at ns23307
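Nearly every name in the two typo lists above is one keystroke away from the brand: a letter dropped (Yaho), two letters swapped (Yhaoo, Wikipeida), a letter doubled (Ebbay) or a neighbouring key hit instead (Yagoo, Ebqy). As an added example, not part of the original posts or of any DNS.be monitoring tool, the Python below generates those single-edit candidates for a brand and matches a list of registered names against them, which is the check a brand owner runs before handing the list to the lawyers. The keyboard adjacency is a QWERTY approximation and the names in the usage are taken from the lists above for illustration.

```python
# Rows of a QWERTY keyboard; used to find letters a finger can slip onto.
_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _neighbours(ch: str) -> set:
    """Approximate keyboard neighbours of a letter (same row and the rows above/below)."""
    out = set()
    for r, row in enumerate(_ROWS):
        if ch not in row:
            continue
        i = row.index(ch)
        for rr in range(max(0, r - 1), min(len(_ROWS), r + 2)):
            for j in (i - 1, i, i + 1):
                if 0 <= j < len(_ROWS[rr]) and _ROWS[rr][j] != ch:
                    out.add(_ROWS[rr][j])
    return out


def typo_candidates(brand: str) -> dict:
    """Map every single-edit typo of `brand` to the kind of mistake that produces it.

    Classes, in the order they are assigned when a string has several
    explanations: omission, transposition, repetition, substitution
    (neighbouring key), insertion (neighbouring key).
    """
    b = brand.lower()
    cands = {}

    def add(candidate, kind):
        if candidate and candidate != b:
            cands.setdefault(candidate, kind)

    for i in range(len(b)):                                   # dropped letter
        add(b[:i] + b[i + 1:], "omission")
    for i in range(len(b) - 1):                               # swapped pair
        add(b[:i] + b[i + 1] + b[i] + b[i + 2:], "transposition")
    for i in range(len(b)):                                   # doubled letter
        add(b[:i] + b[i] + b[i:], "repetition")
    for i, ch in enumerate(b):                                # wrong neighbouring key
        for n in _neighbours(ch):
            add(b[:i] + n + b[i + 1:], "substitution")
    for i in range(len(b) + 1):                               # extra neighbouring key
        near = _neighbours(b[i - 1]) if i > 0 else set()
        if i < len(b):
            near |= _neighbours(b[i])
        for n in near:
            add(b[:i] + n + b[i:], "insertion")
    return cands


def match_registered(brand: str, registered) -> dict:
    """Which names in `registered` are single-edit typos of `brand`, and of what kind."""
    cands = typo_candidates(brand)
    return {name.lower(): cands[name.lower()] for name in registered if name.lower() in cands}


if __name__ == "__main__":
    # Names from the lists above; 'Yahho' is two edits away and is not matched.
    seen = ["Yaho", "Jahoo", "Yagoo", "Yahho", "Yaoo", "Yhaoo", "Yhoo"]
    print(match_registered("yahoo", seen))
```

The generator only covers one keystroke of distance; a name such as Yahho (a doubled h plus a dropped o) needs two edits and will not match, which is the usual trade-off between list size and coverage when monitoring a registry zone.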
01:18 | Permalink | Comments (0) | Email this
a Belgian .be case against a typosquatter who lost
http://www.cepani.be/images/upload/00000757_44076-decisio...
some parts of the decision:
By creating a likelihood of confusion, the Licensee attracts for commercial gain internet users to his site or to other on-line locations. Internet surfers may make typing errors and will be directed to the Licensee’s website which they may believe to be the Complainant’s website or at least a website endorsed by the Complainant. Moreover, it appears from the letter of 7 November 2005 from the Complainant to the Licensee (Exhibit 12 of the Complainant which is in this respect not contested by the Licensee) that the Licensee showed at that time on his web site a drug capsule, a drug box and scientists which adds to the likelihood of confusion with the intent to attract internet users. (ii) The Licensee offers the Domain Name for sale and intends to make a profit from the sale of the Domain Name.
Did we remind you that from the 15th of February on, your ADR procedure for a .be domain question doesn't cost a thing when you win?
00:15 | Permalink | Comments (0) | Email this
answer from the minister on typosquatting
Registering, without right or legitimate interest, a domain name that differs only by a typing error from a well-known name, with the aim of drawing unjustified advantage from the reputation of the holder of that name (a practice we call typosquatting), can be regarded as abusive registration of domain names within the meaning of the Act of 26 June 2003 on the abusive registration of domain names. This legislation provides for no criminal penalties, which is why the Directorate-General for Control and Mediation of the Federal Public Service (FPS) Economy, SMEs, Self-Employed and Energy has recorded no complaint at all in this matter. On the other hand, anyone who can demonstrate a legitimate interest in the domain name that is being abusively appropriated has two ways to assert their rights: either through a cease-and-desist action as provided by the aforementioned legislation, or through alternative dispute resolution. At the international level, an alternative dispute resolution system was set up by the Arbitration and Mediation Center of the World Intellectual Property Organization (WIPO). For domain names ending in “.be”, an alternative dispute resolution procedure was set up by the VZW DNS België in cooperation with the Belgian Centre for Arbitration and Mediation (CEPINA). This last way of settling disputes offers the advantage that it applies not only to trademarks but also to trade names, personal names, etc. This procedure appears to function well. According to the VZW DNS België, one hundred and nineteen cases have been handled since the procedure was started in 2001. Belgium was, incidentally, the first State to install this procedure. None of these cases concerned websites specifically aimed at minors.
According to the VZW DNS België, some twenty disputes have been brought before the courts in application of the aforementioned Act of 26 June 2003. Here too, none of the disputes concerned websites for minors.
Question 2: Given the small number of complaints and the existing regulation, in particular the alternative dispute resolution systems, it does not seem to me, in the given circumstances, immediately opportune to take a legislative initiative. Moreover, it should be mentioned that the VZW DNS België developed a Domain Name Monitoring system in 2007 that makes it possible to detect typosquatting at an early stage. If, through the existing regulation and the intervention of the VZW DNS België, a means of control already exists to combat typosquatting, it does not seem advisable to burden the internet providers with an additional control or filtering obligation on top of that.
Should the existing initiatives, however, no longer prove adequate in the future to tackle typosquatting sufficiently, I will of course not fail to re-examine the legislation on the matter.
00:07 | Permalink | Comments (0) | Email this
02/04/2009
Find domain squatters placing domain names for sale
It is important to find information and proof that the domain squatter is putting domain names up for sale, and to have an idea how much he thinks he will get for them.
General availability
http://www.checkdomain.com/ find availability
http://www.networksolutions.com (the mother of .com)
http://www.uwhois.com/cgi/domains.cgi?User=NoAds You can check up to ten domain names in regional domain extensions here at once
Safe lookup (?) There are rumours that some services or even domain registrars register for themselves the domain names that you have looked up (and then try to resell them to you). Some software and services now offer the possibility to look for (expired) domain names in a secured way, such as http://instantdomainsearch.com/
Free public sales listings (only services giving free access will be mentioned here)
http://www.mocus.com/search/?t=be&l=&r=&w=&q= this gives you a listing of Belgian domain names that are for sale (mostly with English names)
http://www.namebio.com/ this is a bigger list where you can find domain names for sale, including Belgian ones
https://www.domainsurfer.com/index.cgi international domain names for sale, based on a keyword
Domain evaluation - how much is it really worth?
http://www.domainscore.com/ English names only
http://www.marketleap.com/publinkpop/default.htm the popularity of the site
http://www.soldnames.com/ international domain name prices
http://www.domainvaluation.com/ how much is yours worth
17:21 | Permalink | Comments (0) | Email this
be smarter than domain squatters: buy forgotten domain names
There are services that charge money to send you hourly listings of domain names that are up for sale, and there are monitoring services that would serve you well if you were a big company or trademark protector,
but these services give you some feel for free.
Expired domain names: this FREE program will find expired domains based on various criteria, including all 3-letter domains, all 4-letter domains, dictionary search, DMOZ, Yahoo, Google, keyword finders and a keyword generator. It also supports custom lists that you can create. The tool allows you to double-click to find out more about how popular the site is, including Alexa information and much more. The program also lets you register a domain easily.
Online FREE services (add others in comments)
http://justdropped.com/ which gives enormous possibilities of variation
http://expired-domain.bemmu.com/ this is also a good one, as it also shows you listings filtered by their own staff
http://www.pool.com/viewlist.aspx?ia=deleteddomainlist this gives you a daily list in several domain extensions (including .eu, .de, etc.). Today there were about 84.000 in that free list
17:13 | Permalink | Comments (0) | Email this
be smarter than domain squatters: make a new domain
The following software and services are for English words but can be transferred to other languages (you can add other FREE services in the comments to be included here)
Make new words without checking availability
http://unique-names.com/word-mixer.php and they have a lot of other services and possibilities you maybe didn't even think of
http://www.rhymezone.com/ makes rhyming ones
http://www.3la.org/toc.html these are all the possible 3-character domain names
http://xona.com/domainhacks/search?q= you can split up domain names into new ones, the Web 2.0 way, or you can also use this service http://www.dotomator.com/
http://www.robobunny.com/cgi-bin/dislexicon this service plays with the word and makes new words
http://www.wordconstructor.com/ makes words
Make new words and test international generic availability
http://www.domainideas.com/search/?q= this one too, and it gives you availability
http://www.domainit.com/domain-suggest-tool.mhtml is interesting as it shows the available ones, but only for international domain extensions
http://www.domainsbot.com/results.aspx?tr=1&q= this one is a bit bigger and gives more results, but is clearly limited to English words
http://www.bustaname.com/ you can find new words and check international generic availability
http://www.pcnames.com/generator/ makes new names based on a generic term you enter and shows the international availability
http://www.displaydetails.com/pages/suggestions?s=london does the same thing but also shows site shots on the pages, which gives you a better idea whether it is cybersquatted or not
http://www.pcnames.com/dict/ dictionary words that are available as domain names
17:08 | Permalink | Comments (0) | Email this
dns.be publishes the action against 163 .be fast-flux domain names
http://www.dns.be/en/home.php?n=431
It would be interesting to see whether .eu can follow this example or whether it will stay available for organised e-crime, not knowing what to do or how to respond.
We are sure that they will keep a close eye on this, and if they don't respond in time when it is repeated, we will remind them (and you).
But for the moment we are quite happy and proud, so for the moment we are walking on clouds....
Now we move on to the next target: domain squatters,
and are working on our March target.....
16:55 | Permalink | Comments (0) | Email this