Anyone remotely involved in the fight against spam has heard of the Storm worm. While Storm has used a variety of social engineering tricks to propagate, the e-card method has always been a popular one. What better moment to send an e-card than the holiday season? That is probably why the Storm botnet gang began pumping out large amounts of fake holiday season e-cards on Christmas Eve.

All these fake e-cards are hosted on domains such as merrychristmasdude.com, newyearcards2008.com or newyearwithlove.com, to name a few. This is not regular hosting; it is all fast-flux hosting, which means that the IP addresses hosting the content change every few seconds. This technique makes it virtually impossible for ISPs to take down the site, because the fast-flux pool is fed with thousands of infected "botnet" machines that serve up the content.

The only fast and effective way of shutting down a fast-flux hosted website is to shut down the domains involved. If the domains are removed from the TLD root servers they can no longer be resolved, which makes the fast-flux hosted websites unreachable. The only party that can shut down a domain is the registrar where the domain was registered.

With the advent of fast-flux hosting, registrars now have a critical role in enforcing a policy against spam. That is why Spamhaus sees it as an absolute must that registrars keep in touch with, and react to, today's spam and virus issues. While many registrars are very cooperative, others have not yet addressed the problem.

In this case the Storm worm people have registered their domains through Nic.ru. This does not look like a coincidence, because thus far Spamhaus has been unable to establish contact with Nic.ru to have the domains involved shut down. Of course it is the holiday season, but we assume that even Nic.ru has a 24/7 staff to keep things running and to react to serious issues.

This is a very serious issue, involving a massive flood of spam designed to infect many thousands of end-user machines. Due to the fast-flux nature of the hosting, only Nic.ru can effectively put a halt to this malware disguised as a fake greeting card, and stop thousands of internet users from becoming infected with the Storm worm and becoming senders of spam right after that.

Unfortunately, Nic.ru has failed to react to all of our efforts at contacting them. Given the huge impact of the Storm worm, the impact Nic.ru can have by suspending the domains involved, and their failure to react promptly, Spamhaus has no other option than to list critical parts of their infrastructure in SBL to get their attention. Holiday season or not, organizations like Nic.ru need to react when alerted to serious problems like these.
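How the address rotation described above looks from the defender's side, as an added example that is not part of the original Spamhaus article: the script summarizes repeated DNS lookups per domain and flags those whose short-TTL answers keep pointing at new hosts in many networks. The thresholds, the `.example` domains and the private-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Thresholds are assumptions for illustration, not Spamhaus values.
MAX_TTL = 300       # seconds; flux records are served with short TTLs
MIN_IPS = 10        # distinct A records seen across the observation window
MIN_NETWORKS = 5    # distinct /16s; infected machines sit at many ISPs

def summarize(observations):
    """Group (domain, ttl, [ips]) lookups into per-domain statistics."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "min_ttl": None})
    for domain, ttl, ips in observations:
        s = stats[domain.lower().rstrip(".")]
        s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
        for ip in ips:
            s["ips"].add(ip_address(ip))
            s["nets"].add(ip_network(f"{ip}/16", strict=False))
    return stats

def is_fast_flux(s):
    """Short TTL alone is not enough (CDNs use it too); require host churn."""
    return (s["min_ttl"] is not None and s["min_ttl"] <= MAX_TTL
            and len(s["ips"]) >= MIN_IPS and len(s["nets"]) >= MIN_NETWORKS)

def flag_domains(observations):
    return sorted(d for d, s in summarize(observations).items() if is_fast_flux(s))

def sample_observations():
    """Constructed data: six lookups per domain; private IPs stand in for hosts."""
    obs = []
    for i in range(6):
        # Flux domain: every lookup returns fresh hosts in previously unseen networks.
        flux_ips = [f"10.{i * 3 + j}.{7 * j + 1}.{20 + i}" for j in range(3)]
        obs.append(("ecard.example", 5, flux_ips))
        # Load-balanced site: short TTL, but answers rotate within one small pool.
        obs.append(("shop.example", 60, [f"10.200.0.{1 + i % 2}", "10.200.0.3"]))
        # Conventionally hosted site: one address, long TTL.
        obs.append(("blog.example", 3600, ["10.201.5.9"]))
    return obs

if __name__ == "__main__":
    for domain, s in sorted(summarize(sample_observations()).items()):
        verdict = "FAST-FLUX" if is_fast_flux(s) else "ok"
        print(domain, len(s["ips"]), "IPs,", len(s["nets"]), "/16s,",
              "min TTL", s["min_ttl"], "->", verdict)
```

Because every flagged domain resolves to a constantly changing set of hosts, blocking individual addresses does not help; the domain name itself is the stable indicator to report or block.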
Permanent link to this news article: The increasing importance of registrars in the fight against spam
http://www.spamhaus.org/news/article/624/the-increasing-importance-of-registrars-in-the-fight-against-spam

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.