Spammers Preying on Domain Registration Software Flaw

Jay Decenella, IT audit expert
May 30, 2011

Symantec Corporation (NASDAQ: SYMC), the vendor of Norton, has revealed a vulnerability in domain registration software used by domain parking services that allows spammers to redirect visitors to any URL of their choosing.

“We recently noticed a large domain parking service being abused by spammers on a massive scale. Each domain hosted on the service contains an open redirect script, allowing spammers to redirect to any URL of their choice,” Symantec senior software engineer Nick Johnston explained.

Spam has continued to flood inboxes despite the shutdown in March of the Rustock botnet, which was responsible for spreading as many as 30 billion spam messages every day. Last week, Microsoft reported that it had spotted more than 400,000 email addresses on one hard drive it seized during the raid.

Microsoft, which led the take-down against Rustock, reported that it had found further evidence of spam distribution by the botnet, “including custom-written software relating to assembly of spam emails and text files containing thousands of email addresses and username/password combinations.”

Domain parking services allow registration of internet domain names without using them for services like email or hosting a website.

Domains registered with parking services are reserved for future use, to prevent cybersquatting or to earn money via advertising hosted on an automatically generated website on the domain.

The abuse, according to Symantec, does not directly target the domain parking services but takes advantage of a feature of the domain registration software.

It is also impossible for domain owners to notice that their domains are added to anti-spam blocklists because the redirect does not affect the parking page, which is typically not used for other purposes. Additionally, the domain parking service may not have been aware of the abuse.

Symantec said it has already informed the domain parking service about the abuse.

The abuse, Symantec continued, “could be effective against some anti-spam products since many of the domains affected have been registered for years, and therefore seen as more likely to have a good reputation.”

For example, Symantec caught a redirect to “get rich quick” sites used by spammers, which spoof a popular US broadcaster.

The security vendor said it has automatically blocked tens of thousands of these domains.

“This latest abuse shows the lengths spammers are prepared to go to in attempting to conceal their spam sites.”

Symantec advised users to check the HTTP “Referer” [sic] header before redirecting to prevent the abuse.

“Using cryptographic hashing can also be useful, as can restricting the set of sites which can be redirected to,” it said.
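The three mitigations Symantec lists can be combined in one check inside the redirect script. The following is an added example, not code from Symantec or from the parking service; the host names, the key and the function names are constructed for illustration, and HMAC-SHA256 is one assumed way to apply "cryptographic hashing" to redirect links.

```python
import hashlib
import hmac
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed values for illustration; none come from the article.
SECRET_KEY = b"constructed-demo-key"      # known to the server only
ALLOWED_HOSTS = {"ads.parking.example"}   # permitted redirect destinations
OWN_HOSTS = {"parked-domain.example"}     # parking pages that may link here


def sign_target(url: str) -> str:
    """HMAC-SHA256 tag the service attaches to redirect links it generates."""
    return hmac.new(SECRET_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def host_of(url: str) -> str:
    """Lower-cased host of an absolute http(s) URL, or '' if unusable."""
    if "\\" in url or any(ch.isspace() for ch in url):
        return ""  # browsers and urlsplit disagree on these, so refuse them
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    return (parts.hostname or "").lower()


def check_redirect(target: str, tag: str, referer: Optional[str]) -> Tuple[bool, str]:
    """Decide whether the redirect script may send a visitor to `target`."""
    # 1. Restrict the set of sites that can be redirected to.
    if host_of(target) not in ALLOWED_HOSTS:
        return False, "target host not allowed"
    # 2. Cryptographic check: only links the service itself signed are honoured.
    expected = sign_target(target).encode("ascii")
    if not hmac.compare_digest(expected, (tag or "").encode("utf-8")):
        return False, "bad signature"
    # 3. Referer check: a link clicked in a spam e-mail does not arrive
    #    from one of the service's own parking pages.
    if host_of(referer or "") not in OWN_HOSTS:
        return False, "referer is not a parking page"
    return True, "ok"
```

A request that fails any check should get the normal parking page rather than a redirect, and treating a missing Referer as a failure is a deliberate choice here, since some legitimate browsers omit the header.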

 
