What is TrustedSource? | Create Account | Login 
Secure Computing Corporation
 
Home  Threats and Trends  TrustedSource™ Blog
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 


Latest Malware Threats
 RSS Feed
Win32.Perlovga.A.12008-10-01
Trojan.Dldr.Agent.RCE2008-09-30
Virus.002332008-09-26
Worm.Sohanad.S2008-09-23
Trojan.Spy.Goldun.axt2008-09-19
Trojan.Renamer.L2008-09-17
View Malware Library
 

TrustedSource™ Blog

We are going to need a bigger boat…

June 29th, 2008

This week, the Board of ICANN, the organization, which among other things, defines Internet domain name policies voted to dramatically expand the available domain name space.

Currently, domain names are restricted to 21 general top-level domains (like .com, .org, .biz, etc) and almost 250 country code top-level domains (ex. .de, .uk, .us, etc) that are administered and regulated by the countries that they had been assigned to.

With this week’s approval, we may see  a whole slew of new top-level domain names may become available for registration - anything from .paris to .yourname, possibly as soon as the second quarter of 2009 .  At the same time, the Board has also approved a resolution to move forward with the introduction of internationalized versions of country-code top level domains (allowing, for example, the Russian Institute for Public Networks, which is responsible for Russia’ .ru domain name to also manage .ру, the Cyrillic version of the domain name).

While there are certainly clear benefits to having fully localized domain names to spur further growth in Internet usage in countries with non-latin alphabets, the benefits to enlarging the space of available general TLDs are less clear.  The .com domain name remains the most popular and coveted Internet real-estate property with an average growth rate of over 5 million active registered domains each quarter. In contrast, the second most popular general TLD - .net - accounts for a little over 1 million registrations each quarter.  The other gTLDs, such as .biz, .info, .org are considerably less popular and grow on average by at most 100,000 domains quarterly.  So it’s fairly unlikely that other gTLDs will buck this trend and steer people away from wanting that lucrative .com domain, with only perhaps a few exceptions (.sex anyone?).

.com active domain growth

 

.net active domain growth

Even spammers tend to prefer .com to other domain names - TrustedSource is currently detecting .com domains accounting for 56% of all URLs we see in malicious emails.

TLD domains in Spam URLs

Top Level Domains in Spam URLs

The other implications of this change is what it will do to the continuous degradation of the Internet security environment.  For instance, the proposed .ру Cyrillic domain name for Russia will look just like the .py latin-based domain name for the country of Paraguay (note: if you can’t tell the difference between them, that’s the point - they look identical when rendered correctly in the browser). The potential for accidental or intentional naming confusion is huge and phishers and other cybercriminals will undoubtedly try to take advantage of it.

The other problem the Internet security community will likely face is  an exacerbation of the domain investigation and takedown/shutdown problem that we have today.  Currently, when we at Secure Computing Research and our other counterparts in the industry, academia and law-enforcement investigate a domain name tied to criminal activity, we face an environment with hundreds of different registry operators and over a thousand registrars that we potentially have to deal with to shutdown a domain name used in a phishing or malware attack or to get information on its registrant for a law-enforcement investigation.  Without an institutionalized framework for getting access to this information or triggering a domain shutdown by authorized individuals or organizations, the security community has to rely on personal relationships and begging to get action from registrars and registries (some in the domain name industry are extremely quick and cooperative to react to registration abuse, but there are numerous others who are either completely unresponsive or very slow to react).  This problem is likely to get significantly worse if we are faced with a prospect of thousands or even millions of new top level domain names and new registries and registrars that would operate and distribute them.

It is our hope that ICANN’s GNSO (Generic Names Supporting Organization) and the ICANN Board will consider those and other security implications in drafting the final recommendations for implementation of this dramatic new expansion.

Back to TrustedSource™ Blog overview

Secure Computing Corporate Homepage | Contact | Privacy Policy | Disclaimer

Copyright © 2007-2008 Secure Computing Corporation. All Rights Reserved.

ANY INFORMATION PROVIDED BY SECURE COMPUTING ON THIS BLOG ARE OFFERED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES, CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION CONTAINED IN OR LINKED TO AND NO RIGHTS ARE CONFERRED. BY USING THIS BLOG, YOU ASSUME ALL RISK FOR YOUR USE. IN NO EVENT WILL SECURE COMPUTING BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT SECURE COMPUTING HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. SECURE COMPUTING HAS NO OBLIGATION TO POST BLOG SUBMISSIONS OR RESPONSES.