Recently in phishing Category

SIDN, the registry operator for .nl, has announced the introduction of a new service for its registrars. The new phishing alert service harnesses data provided by Netcraft and will automatically email the registrar of record of any .nl domain name that is flagged as being used in a phishing attack.

Every five minutes or so, SIDN checks Netcraft's suspect URL database,
which is constantly being updated. Every time a .nl URL is added to the
database, an e-mail message is automatically sent to the relevant
registrar's administrative contact e-mail address. In other words, the
system does not rely on periodic reporting, but on almost immediate
individualised e-mail contact. It therefore provides a basis for very
rapid intervention. The service is due to enter use on February 15,
2010.

Message content
The e-mail sent to draw a registrar's attention to the fact that a
client is running a website that may be fraudulent will include the
following information:

- Suspected phishing site URL
- Host: the IP address of the system running the website
- Country: the country of origin of the IP address
- Date: the date and time that the suspect site was detected
- Target: the name of the company that seems to be targeted

SIDN are conscious of the danger of such a service and warn registrars that there may be false alarms.

It will be interesting to see how registrars and the wider internet community react to the introduction of this service.

Enom, one of the largest registrars in the world, has been targetted by phishers.

The company has posted an alert on the main page of their website with a screenshot of the fraudulent site.

It's good to see them being public about this sort of attack, though it is worrisome nevertheless

Anti-virus vendor McAfee have released their second report on Malware (pdf) which tracks incidences of malware on a TLD basis.

The previous report, which received a lot of press coverage, was very favourable for several ccTLDs, including .ie (Ireland).

This time round the Irish ccTLD may not be listed in the "dangerous" list, but the threat levels have practically doubled!

This year's report also includes data on .eu, which is showing that over 2% of EU sites are dangerous.

However those figures pale in comparison to the 19% risk rate of .hk (Hong Kong) or the 11% of .cn (China).

With such a high incidence of risk concentrated in the Asia-Pacific region the new dotAsia TLD will have its work cut out, or risk being flagged in a similar manner to .info (11.7% risk)

More coverage over on the excellent Domain Name News site

In common with many domain registries Nominet relies heavily on email for communication to registrars AND registrants.

Unfortunately they seem to have been the target of some spoofing in recent days

It sounds like they've been the victims of a "Joe Job", where a spammer basically "hijacks" a person or organisation's domain when sending mails.

More information is available on the Nominet site.

Of course the question I have to ask is why on earth Nominet aren't publishing SPF records. If they did it would help. It wouldn't eradicate the problem, but it would certainly help mitigate it.

Unfortunately they don't seem to be publishing any judging by the output of a simple:
dig txt nominet.org.uk

Maybe this recent spate of attacks will lead to a change in policy.

According to recent reports Microsoft's MSN messenger is blocking URLs using the .info extension It seems that this change only happened in the last couple of days. Has Affilias been made aware of this change? Is it an anti-phishing / anti-spam measure? Full story here

One of the strongest selling points of a regulated ccTLD is security and peace of mind. What that translates into in practice is that there is a slightly higher degree of control over who gets to register domains. In Ireland, for example, the IEDR has been able to vaunt the IE ccTLD due to its positive results in a recent McAfee siteadvisor survey. The same study gave a very positive rank to AU namespace. While this kind of reports are wonderful, deregulation to some degree is also a very positive thing. So why is MelbourneIT so against the entire idea? In a recent interview Theo Hnarakis, their CEO, expressed his reservations about the deregulation. It makes for interesting reading, though you would have to question their motivation.