0 Replies Latest reply on Jan 29, 2008 8:07 AM by HarryWaldron

    Internet Domain Names - Five day grace period abused by malware developers

      The Storm worm with its fast flux server techniques and other malware are abusing the 5-day grace period associated with registering a new website name.

      Based on recent trends, millions of domain names are being allocated and then deleted each month. This is why folks need to be careful in going to questionable sites based on IP numerical addresses or unusually named sites.

      http://www.avertlabs.com/research/blog/index.php/2008/01/24/is-it-domain-tasting-or-domain-misusing/

      QUOTE: When a registrar registers a domain name, there is a five-day Add Grace Period (AGP) where he may cancel his request and receive a full credit for the registration fee from the registry. This trend has been gaining popularity since mid 2005, and although it was originally set up for avoiding mistakes, the practice now is frequently abused.

      Beside the fact that some domainers use it to track names with a high potential to generate traffic and thus pay-per-click revenues, people who use the fast-flux and rockphish techniques, which we have already discussed here in detail, now use it in proportions that would be interesting to measure. Domain Tasting involves registering names only to release them very quickly and without paying for them. This practice exploded in 2007, and an incredible number of temporary domain names, having definitely been used to carry out malicious activities, were deleted at the end of this add-grace period.

      http://www.avertlabs.com/research/blog/index.php/2007/12/03/from-fast-flux-to-rockphish-part-1/
      http://www.avertlabs.com/research/blog/index.php/2007/12/03/from-fast-flux-to-rockphish-part-2/