The group responsible for managing the Internet's domain name system is asking Demand Media's eNom division for answers following complaints from Internet security groups.
ENom, the world's second-largest domain name registrar, came under fire last week in a report from HostExploit, a volunteer-run anti-malware research group. According to HostExploit, eNom is host to an unusually large number of malicious websites and is a preferred domain name registrar for pharmaceutical spammers.
ICANN now says that it is looking into the matter, according to Kurt Pritz, senior vice president of services with the Internet Corporation for Assigned Names and Numbers. Typically, ICANN advises people with information on illegal activity to take their complaints to law enforcement. "However, given the serious nature of some of the allegations made in the HostExploit report, we will ask eNom for their response and will follow up as appropriate," Pritz said in a statement, e-mailed to IDG News Service.
HostExploit says that some eNom resellers are violating ICANN rules by allowing customers to provide false Whois database information, not following ICANN deletion policy and generally not complying with their obligations as resellers.
HostExploit's founder, who identifies himself using the pseudonym Jart Armin for fear of retribution, expects that ICANN will now put pressure on eNom to clean up its act. "I think that's a step in the right direction," he said via instant messaging. "They're not in compliance."
According to Armin, scammers are abusing the domain name registration system to make it extremely difficult to locate the domain nameservers used by the bad guys. That, in turn, makes it hard to put illegal networks of hacked, botnet computers out of operation.
HostExploit also accuses eNom and its resellers of hosting an abnormally large number of malicious Web pages. Armin said that in terms of the total amount of bad activity, eNom is as bad as McColo. Based in San Jose, California, McColo was a notorious Internet service provider that was taken offline by its upstream service providers two years ago, after HostExploit published a report on the malicious activity on its network.
Demand Media declined to comment for this story.
HostExploit went public with its complaints about eNom in hopes of pressuring it into cleaning up its networks. ICANN's statement shows that it is getting some pressure, but typically it is the peripheral costs of malicious activity that force ISPs to act, according to Neil Daswani, chief technology officer with security vendor Dasient.
"What's happening is the search engines and the browser companies are flagging and in some cases blacklisting websites," he said. Customers then call their service providers to find out what's happening, and dealing with those support calls, and the public relations fallout from public reports, can be expensive. "But basically it generates a support cost," Daswani said. "There's no better motivator in many cases than a financial motivator."