The Professional Web: this is what “.pw” domains are being projected / promoted as.
Lately we have been observing a rise in spam originating from .pw domains. The PW ccTLD recently started offering domains for registration, at a price much lower than that of .com domains.
Many researchers will concur that a low price is an invitation to spam and malware domain registrations. For years researchers have been battling with various registrars to either sinkhole domains or get them suspended, in order to maintain a clean and neat Internet.
However, it has been my personal experience that not every registrar or registry will assist you in this task; they may present you with numerous hurdles or may simply redirect your complaints to the rogue registrar.
Yes, rogue registrars do exist. These registrars will dilly-dally, give you vague explanations, or simply ignore your requests to review a domain that was registered with the intention of serving malware / spam.
Previously, I wrote about the .ru ccTLD and its association with numerous malicious domains. The difficulties being faced by this registry are tremendous and unimaginable.
However, there is one registrar which has stood against all odds and has stuck to its promise of providing us with a clean Internet. Its zero-tolerance policy is not mere words; they back it up with action.
Directi Internet Solutions Pvt. Ltd. is the registrar which controls the .pw ccTLD and other TLDs. In the past few days, their actions have spoken louder than their words. They are the only organization to have recognized the importance of identifying rogue registrants and the domains registered by them, and ultimately taking preventive measures. The PW ccTLD was infested by spam domains, and in the past couple of days they not only identified the rogue entity and took preventive measures against it but also suspended the domains. It's a +1 for such a young ccTLD.
Lower-priced domains coupled with a proactive and alert compliance / anti-abuse team will always ensure that TLDs controlled by Directi remain devoid of malware / spam domains; not 100%, but certainly not like the .ru ccTLD or other registrars who always end up in the top 10 malware TLD lists.
I have been writing blog posts about the methods to detect rogue registrants, and these have been based on my interaction with the compliance team of Directi and my personal experience. Link 1 and Link 2 describe the various methods used for finding rogue registrants.
Moreover, whenever other registrars were made aware of these methods, they simply chose to ignore them, and if it's a good registrar, it will take action only against those domains which have been submitted for review.
One registrar even went to the extent of explaining that, since the malicious domains are not hosted on the infrastructure provided by them, i.e. their hosting service, they cannot take any preventive action. These are rogue registrars, and no one seems to do anything about them.
In the Internet ecosystem, domain registrars play a very important role in maintaining and sustaining the Internet, and in future only security-conscious registrars who take proactive steps will survive. At some point in the future, I believe that action will be taken against the very existence of rogue registrars; it's only a matter of time. Today the Internet is controlled and governed by the individual laws of countries, but the day is not far away when we will find each and every country arriving at a common consensus on how to tackle cyber crime and cyber criminals. Be it domain registrations or hosting servers, all under one unified law – sounds like a Utopian ideology?
To sum it up: I hope other domain registrars learn a thing or two about tackling the menace of malicious domains from Directi and their compliance team.
“.pw” domains are being promoted as the Professional Web.
Recently we have observed that the growth in spam originates from .pw domains. The PW ccTLD has offered registrations at a much lower cost than .com domains.
It has been observed that a low price brings spam or malware to domain registrars. For years researchers have battled with various registrars to suspend these domains in order to keep the Internet clean.
However, not every registrar assists you in this work; some of them may direct your complaints to the rogue registrar.
Yes, rogue registrars exist. They will not give you clear explanations, or they ignore your request to review a domain that has been registered with the intention of delivering malware/spam.
Previously, I have talked about the .ru ccTLD and its association with its various malicious domains. The difficulties that have been had with this registrar are tremendous.
However, there is one registrar that has kept its promise of providing a clean Internet.
Directi Internet Solutions Pvt. Ltd is a registrar that controls the .pw ccTLD and other TLDs. It is the only organization that has recognized the importance of identifying rogue registrars and taking appropriate preventive measures. The PW ccTLD was infested by spam domains, and they not only identified the rogue entity but also suspended the domains.
The anti-abuse teams will always ensure that the TLDs controlled by Directi remain clean of malware or spam; not 100%, but not like other registrars such as the .ru ccTLD, which always make the top 10 malware list.
I have written about the methods to detect the rogue registrar. Link 1 and Link 2 are links that detail the use of different methods to detect rogue registrars.
One registrar explained that preventive measures cannot be taken since the malicious domains are not hosted on the infrastructure. These are the rogue registrars, and nobody is taking the necessary measures.
Domain registrars do everything to keep the Internet clean, and in the future only security registrars will take the necessary measures to move forward. I believe that in the future measures will be taken against rogue registrars. Today the Internet is controlled by the individual laws of each country, but one day we will reach a point when we can tackle cyber criminals.
3 Comments
Myrtle U. Gallegos
There are about 450 accredited domain name registrars worldwide, but at least one-third of all active rogue pharmacy sites are registered at Internet.bs, a relatively small registrar that purports to operate out of the Bahamas and aggressively markets itself as an “offshore” registrar. That’s according to LegitScript, a verification and monitoring service for online pharmacies.
R Sachin
The list of rogue registrars is endless; however, there are some registrars who are actively into providing their services for malware. You may say it's their field of specialization.
R Sachin
Hi David,
.pw storm:
The root cause, as I have pointed out, is the price of a .pw domain. Bad guys will be / are getting attracted to this low price; however, selling a domain for 8$ and then not taking any action, or using delaying tactics to suspend a domain, is the worst that can ever happen.
It simply doesn’t matter whether a domain is sold for 8$ or 4$ – taking preventive action, not only against the erring domains but also against the registrants, is lacking with most of the registrars. Directi, in this regard, are far better.
Regards
Sachin R