Three cheers for ICANN!
Wednesday October 29, 2008 at 7:09 am CST
Posted by Chris Barton, Research Scientist and Artemis Geek
I never thought I’d see the day!
ICANN found its dentures down the back of the sofa and took a bite out of the criminals’ domain registration empire. ESTDomains will no longer be a registrar as of Nov 12th. [pdf]
So I’ve got a question… Who’s got the balls to take on ESTDomains’ problem “customers”?
“ICANN Seeks Expressions of Interest from Registrars to Receive Bulk Transfer of Names from De-Accredited Registrar EstDomains”
I recently presented at APWG to encourage the anti-phishing community that registrars and registries can actually act rather than pleading innocence or the classic “our hands are tied” type excuses. In the case of fast-flux they are probably the only ones that can help in fact. I encouraged participants to point out that registrars and registries are guilty of acting illegally in many jurisdictions by facilitating illegal or infectious sites.
The general stance was that if Directi can clean them out then so can anyone else.
I pointed out that between 2 registrars (EST and Klik/Vivids) about $1.5M of revenue had taken place with Directi (who gives a healthy proportion of it to Verisign, etc.). I concluded with a slide to motivate participants to “Hug a Registrar” and I implore our readers to help out too. Anyone scoring over 30% on this uribl page is a prime candidate for advocates in the community to reach out and “help”.
So here is my top 5 for today:
#1 Moniker - Infested with spammers and pirated software sites. (MSOffice isn’t €79.95 delivered in a zip file)
#2 XIN NET - This is where the Pill spammers moved to and have given the .cn TLD a bad name.
#3 35 Tech & OnlineNic - Same as above but with more variety in pill sites and some casinos thrown in too.
#4 Planet Online - (Surprised to see them so high) Home of the unique URL “snowshoe” spammers ? almost legit ? The real world doesn’t care for their bulk and whois protected domains (via Directi’s Logicboxes), or fake contacts.
#5 Dynamic Dolphin - Owned by Scott Richter’s Media Breakaway, formerly bankrupted OptinRealBig. MS won cases against him in New York in 2005. This accreditation is probably against ICANN’s policy. These days they generally annoy via social networks.
#Bonus - *.directNIC [Mikko's open letter]
This is almost 2 years too late and took far too much media attention to shake their tree. The worst of the criminals left EST for other registrars after the “defecation meets the rotary oscillator” in August, but nevertheless (so I’m told) this is quick for ICANN.
Hip Hip…

October 29th, 2008 at 08:07
…and yes, #6 on the hit list would be cnnic.net.cn
October 29th, 2008 at 11:34
[...] the organization that controls the top-level domains, has pulled the accreditation of EstDomains, a hosting provider that has been under fire for months from the security community for allegedly [...]
October 30th, 2008 at 03:58
[...] think anyone in their right mind is going to want to take on these domain names,” said Chris Barton, research scientist for McAfee AVERT Labs. “A registrar would have to be either very reckless [...]
October 31st, 2008 at 04:42
A presidential campaign and four senate campaigns have an IP-spoofing vulnerability on their donation page. Please comment. Innocent mistake or vehicle for massive campaign fraud?
barackobama.com
alfranken.com
marylandrieu.com
udallforcolorado.com
begich.com
Technical eval here (pardon the politics): http://directorblue.blogspot.com/2008/10/obama-donation-site-accepts-spoofed-ip.html
Please keep my identity confidential.