
Microsoft dismantles global spam delivery infrastructure (Necurs)

Microsoft and partners from 35 countries recently took action to dismantle the Necurs spam infrastructure.
 
Microsoft's post calls Necurs a botnet but provides details that illustrate how much more than a botnet Necurs is:
 
  1. The Necurs infrastructure served as a delivery platform for spam, cryptomining and DDoS attacks.
  2. The spam campaigns contained stock scams, fake pharma, Russian dating scams, malware and ransomware.
  3. The Necurs operators leased services to other criminal actors to perpetrate these attacks.

These are characteristics that the Council of Europe's Convention on Cybercrime identifies as criminal activities in its Guidance notes on Spam.
 
Many of the partners that Microsoft mentions are Top-level Domain registries. These operators are preemptively blocking the registration of the millions of algorithmically generated domains, the output of a domain generation algorithm (DGA), that Necurs uses to name its command-and-control (C&C) host and so make its botnet resilient.
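
Preemptive blocking works because a DGA is deterministic: once the generator is known, a registry can compute the upcoming names and refuse them at registration time. The sketch below is an added example, not code from Microsoft or any registry; the generator, seed and TLDs are constructed stand-ins and are not Necurs's real algorithm.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-ins (assumptions): not Necurs's seed, TLD list or algorithm.
TOY_SEED = b"constructed-seed"
TOY_TLDS = ("example", "test", "invalid")   # reserved, non-routable TLDs
DOMAINS_PER_DAY = 4

def toy_dga(day, seed=TOY_SEED):
    """Toy date-seeded generator: the same date and seed always give the same names."""
    names = []
    for i in range(DOMAINS_PER_DAY):
        material = seed + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).hexdigest()
        # Map 12 hex digits onto the letters a..p to form the label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        names.append(f"{label}.{TOY_TLDS[i % len(TOY_TLDS)]}")
    return names

def build_blocklist(start, days, tld):
    """Precompute every name the generator emits under one TLD for the window."""
    blocked = set()
    for offset in range(days):
        for name in toy_dga(start + timedelta(days=offset)):
            if name.endswith("." + tld):
                blocked.add(name)
    return blocked

def check_registration(requested, blocklist):
    """Registry-side gate: normalise the requested name, refuse it if precomputed."""
    name = requested.strip().rstrip(".").lower()
    return "REFUSED" if name in blocklist else "ALLOWED"

if __name__ == "__main__":
    window_start = date(2020, 3, 10)          # constructed sample date
    blocklist = build_blocklist(window_start, days=30, tld="example")
    print(len(blocklist), "names reserved for .example")
    for request in (toy_dga(window_start)[0].upper() + ".", "legitimate-shop.example"):
        print(request, "->", check_registration(request, blocklist))
```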
 
Kudos to the registries for their role. No thanks to the registrars whose business practices make it trivial and inexpensive to register millions of domains.
 
Takeaways:
 
ICANN, please note that spam is no longer "just content" and hasn't been for nearly a decade.
 
Everyone else, please note that registry operators, especially the gTLDs that are delegated by ICANN, are by policy and contract at the mercy of (ahem) accredited registrars like NameCheap, which is currently being sued by Facebook, Instagram, and LinkedIn for business practices that facilitate fraud. Facebook has also filed suit against OnlineNIC. These actions are long overdue, and suits of this kind are perhaps appropriate for other targeted businesses or industries.
 
We can all only hope that litigation will resolve what multi-stakeholder consensus policy cannot: make it too expensive to sell millions of cheap domains annually and registrars will be forced to be more proactive in mitigating criminal use of domains.
 
New action to disrupt world’s largest online criminal network:
 
Protecting People from Domain Name Fraud
 
Fighting Domain Name Fraud
 
