Menu
.Asia registry to crack down on phishy domains

.Asia registry to crack down on phishy domains

The registry for the .asia TLD plans to ban domains associated with phishing.

The registry for the new .asia TLD (top-level domain) plans to ban domain names that are consistently used for phishing sites.

DotAsia Organization has agreed to implement a policy to ban domain names associated with phishing, said Laura Mather, of the Anti-Phishing Working Group (APWG), a consortium of companies and government groups that studies phishing. She is also a senior scientist at MarkMonitor.

It's the first time that a registry has undertaken such a drastic action to stop the proliferation of fake Web sites designed to dupe people into divulging sensitive personal data. Registries are organizations that oversee technical implementation of TLDs.

Phishing remains a huge problem despite improvements in security technology. Phishers attract people to their sites by sending links through spam e-mails. The sites, which spoof well-known brands with similar-looking domain names, are usually kicked off the Internet by Internet service providers after they receive reports that a site is fraudulent.

Often, the phisher switches hosting providers using the same domain name and the game repeats.

Phishers are also increasingly using a technique called "fast flux," which is designed to ensure a Web site is always available. Fast flux allows a Web site to resolve to numerous different IP (Internet Protocol) addresses. If one server fails, a person browsing for the site is automatically redirected to another server hosting it.

Phishers are using fast flux with their sites, meaning the site's IP address changes every few minutes, redirecting to countless servers, all of which would have to be taken down. Fast flux makes it very difficult to keep a site off the Internet, turning antiphishing efforts into an endless game of chase.

"This is the weakest link online today in Internet security," wrote Gadi Evron, a security evangelist with Beyond Security. "We need to be able to get rid of domain names."

But if the TLD registry takes the domain name out of its system, the site will go down permanently, although there are some technical exceptions. One problem is a feature of the Internet's architecture designed to reduced the burden on nameservers, which match a domain name with its corresponding IP address and enable a Web site to be delivered in a browser.

When a person visits a particular Web site, a local nameserver caches the IP address of the domain name. How long the local nameserver refers to its cached record for a Web site is a feature called "time-to-live," which is set by the owner of the Web site and remains in the official DNS (Domain Name System) record for the site.

The problem would come if a registry bans a domain name, but that DNS record is still cached in local nameservers, which would still direct a person browsing to the address, Mather said.

"That's something we are still trying to deal with the technical implementations around," Mather said. "We've got really smart people thinking about it, so there may be something we can do."

Overall, the plan isn't the silver bullet against phishing, Mather said. Phishers could, of course, continue to register new domain names spoofing brands and use fast flux. But they wouldn't be able to use the same domain name over and over again, depriving them of what could be very convincing-looking domain names tricking Internet users.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Upcoming

Slideshows

IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)

IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)

Nutanix recently held its customer and channel event, .NEXT, in Sydney. The event, held at the Sheraton on the Park saw attendance from more than 150 channel and technology partners and customers. It was the first in a series of events Nutanix is holding in A/NZ in August and September, the objective of which is to brief partners and customers on “what’s next” in the design and management of datacentre technology.

IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)
IN PICTURES: EDGE 2015 sponsor debrief (+23 photos)

IN PICTURES: EDGE 2015 sponsor debrief (+23 photos)

Some of the sponsors of ARN's inaugural EDGE 2015 event got together at the ARN office for a debrieef of the event. Over some drinks and cheese, these attendees got an update on some key statistics that arose from the EDGE event and discussed potential topics and improvements that can be made at next year's event.

IN PICTURES: EDGE 2015 sponsor debrief (+23 photos)
IN PICTURES: ARN Distributor Roundtable, Sydney, 26.08.15 (+26 photos)

IN PICTURES: ARN Distributor Roundtable, Sydney, 26.08.15 (+26 photos)

ARN hosted a distributor roundtable at Cafe Del Mar in Sydney, at which attendees and their partners discussed the changing role of the traditional IT distributor. They spoke about the challenges of digital disruption, the blurring lines of the channel in the age of digital transformation, and examined the ever-evolving business models. This roundtable was sponsored by Distribution Central, Exclusive Networks, Rhipe, and Hemisphere Technologies. Photos by ARN Editorial Director, Mike Gee.

IN PICTURES: ARN Distributor Roundtable, Sydney, 26.08.15 (+26 photos)

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments