Cyber-Criminals Launch Phishing Attacks Using Free Domain ServicesBy CIOinsight | Posted 04-27-2011
Scammers have shifted tactics to use free domain services to launch phishing attacks, according to a research report.
A significant number of phishing attacks in the second half of 2010 originated from Tokelau's .TK domain and Korea's .CO.CC sub-domain, according to the latest survey released by the Anti-Phishing Working Group on April 27. The report examined all phishing attacks from July 1 to Dec. 31 collected by the Anti-Phishing Working Group and supplemented from multiple private sources.
By offering free domain names, .tk has become the third largest country-code top-level-domain after Germany's .DE and Great Britain's .uk. Scammers are snapping up the free .TK domains in droves.
While there were phishing domains registered across 183 top-level-domains, 89 percent were concentrated in just four, including .com, .tk, .net and .info. Tokelau is a group of three tropical atolls in the South Pacific Ocean with a population of 1,400 people that is a territory of New Zealand.
Phishing attacks occurred on 42,624 unique domain names and 2,318 unique IP addresses in the second half of 2010, the report found. To put it in context, there were 205.6 million domain names in October, according to Verisign. Since the researchers defined an attack as a phishing site that targeted a specific brand or entity, one domain name could host several discrete attacks against different banks.
Of the phishing domains, about 28 percent were registered specifically for malicious purposes, the researchers found. Nearly half of those malicious domains were registered specifically to phish Chinese targets. The remaining phishing domains were legitimate domains that have been compromised.
"Every .tk domain used for phishing was maliciously registered," the researchers wrote.
Recent reports from major security firms, including Symantec, have noted that a significant amount of malware attacks originated from China. This is apparently not a one-way street, as attackers are also "aggressively" targeting Chinese e-commerce sites and banks as well, the APWG report found.
For more, read the eWEEK article: Cyber-Criminals Register Free Domains and Sub-Domains for Phishing Attacks.