Breaking the cyber scammers' privacy wall
Ever got an e-mail spam message asking you to download a program, which most of the time turns out to be a worm, or to buy some illegal products? Usually they send you to a web site with a domain name. Wouldn't it be nice if we could simply look up the owner of that domain name and send the authorities after them, or at least contact their domain registrar and have the site shut down? After all, most malware is concentrated on the same domains. It turns out to be much more complex than that.
When you register a domain name such as example.com with a registrar, they usually offer the option to hide your identity using their private whois service. This service displays the registrar's own contact information instead of your name, address, email and phone number, and does not reveal your details unless the registrar receives a court order.
The first hurdle is to figure out which registrar the domain name has been registered with, and there are a lot of them. As it turns out, 20 registrars are behind 90% of the offending sites. A firm called KnujOn did an extensive investigation into the matter, exposing the registrars. Even worse, it seems that not only domain names are hidden: some registrars are complete phantom companies.
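That first step, reading a whois record to find the registrar (and its abuse contact) and spotting whether the registrant fields belong to a privacy proxy rather than the real owner, is shown in the added example below. It is not code from the original post: the whois record is constructed for the example with invented names, and the list of privacy-proxy markers is an assumption.

```python
import re

# Constructed sample whois record, laid out the way such records usually are;
# every name and contact detail here is invented for this example.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-PHARMA.TEST
Registrar: Example Registrar LLC
Registrar IANA ID: 0000
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Name: Domain Admin
Registrant Organization: PrivacyProtect.org
Registrant Email: contact@privacyprotect.example
"""

# Substrings that suggest the registrant contact is a whois privacy service
# rather than the domain holder (assumed list; extend it for your own triage).
PRIVACY_MARKERS = ("privacyprotect", "whoisguard", "privacy", "proxy")


def parse_whois(text):
    """Return the 'Key: value' lines of a whois record as a dict.

    Keys are lower-cased; if a key repeats, the first value is kept.
    """
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /]+?):\s*(.*)$", line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            fields.setdefault(key, value)
    return fields


def triage(text):
    """Extract who to contact and whether the registrant is hidden behind a proxy."""
    f = parse_whois(text)
    registrant_keys = ("registrant name", "registrant organization", "registrant email")
    registrant = " ".join(f.get(k, "") for k in registrant_keys).lower()
    return {
        "registrar": f.get("registrar"),
        "abuse_contact": f.get("registrar abuse contact email"),
        "registrant_org": f.get("registrant organization"),
        "privacy_proxy": any(marker in registrant for marker in PRIVACY_MARKERS),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_WHOIS))
```

When `privacy_proxy` is true, the registrant fields tell you nothing about the real owner, and the registrar's abuse contact is the only lead the record gives you.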
As an example, when investigating Directi, one of the domain registrars behind some of the worst spam domains, KnujOn found that although the company is officially in Oregon, it is really located in Mumbai and is behind 48 other registrars, some of which are also involved in the illicit activities.
In another part of their investigation, they found that over 19,000 domain names hosting fake pharmacy sites were hidden by a service called PrivacyProtect, itself a hidden company, which the Washington Post had reported is owned by Directi itself.
What we end up with is a completely hidden infrastructure that spammers can use to register a ridiculous number of domain names, which are then used to send spam and malware, hidden behind a privacy service owned by the same organization, with no accountability whatsoever.
Yesterday, the company responded, saying that some of the facts in the investigation are wrong. Still, we're left with an inbox full of thousands of spam and fraudulent email messages linking to sites concentrated at the same few companies, with little hope of solving the issue anytime soon.