On the Effects of Registrar-level Intervention

LEET 2011 - 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, spyware, Worms, and More

Volumn , Issue , 2011, Pages

  Liu, He ^a   Levchenko, Kirill ^a   Félegyházi, Márk ^c,d   Kreibich, Christian ^b,c   Maier, Gregor ^c   Voelker, Geoffrey M ^a   Savage, Stefan ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c INTERNATIONAL COMPUTER SCIENCE INSTITUTE   (United States)

^d BUDAPEST UNIVERSITY OF TECHNOLOGY AND ECONOMICS   (Hungary)

Author keywords

[No Author keywords available]

Indexed keywords

BOTNET;

BLANKET POLICY; DOMAIN NAMES; DOMAIN REGISTRATIONS; EFFECTIVE TOOL; INTERNET SCAMS; PHARMACY DOMAIN;

COMPUTER VIRUSES;

EID: 85084094479     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (30)

1. DomainTools. http://www.domaintools.com.
2. URIBL. http://www.uribl.com.
3. Price Increase For .cn Chinese Website Domain Names. http://www.techsecuritychina.com/2010/01/07/9093-price-increase-for-cn-chinesewebsite-domain-names/, Jan. 2010.
4. Registrar report for eNom. http://www.webhosting.info/registrars/reports/total_domains/enom.com?ob=gs&oo=asc, Feb. 2011.
5. J. Armin. Demand Media–eNom: the World’s #1 Bad Host and Abusive Registrar. Technical report, HostExploit, Aug. 2010.
6. J. Armin. KnujOn’s response to eNom statement. http://hostexploit.com/blog/4-currentevents/3514-knujons-response-to-enomstatement.html, June 2010.
7. CNNIC. “Experience .CN Domain Name for One Yuan Campaign” will extend till 31st December, 2008. http://www.cnnic.net.cn/html/Dir/2007/12/27/4953.htm, Dec. 2007.
8. CNNIC. The Notification about further enhancement of auditing domain name registration information. http://www.cnnic.net.cn/html/Dir/2009/12/12/5750.htm, Dec. 2009.
9. L. Daigle. WHOIS protocol specification. RFC 3912, The Internet Society, Sept. 2004.
10. Demand Media. eNom and LegitScript LLC announce agreement to identify customers operating illegal online pharmacies. http://www.businesswire.com/news/home/20100921005657/en/eNom-LegitScriptLLC-Announce-Agreement-Identify-Customers, Sept. 2010.
11. Elmaros. Форум успешных вебмастеров. http://www.gofuckbiz.com/showpost.php?p=382053, Oct. 2010.
12. M. Felegyhazi, C. Kreibich, and V. Paxson. On the potential of proactive domain blacklisting. In Proceedings of the Third USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Jose, CA, USA, Apr. 2010.
13. Gary Warner. Random Pseudo-URLs Try to Confuse Anti-Spam Solutions. http://garwarner.blogspot.com/2010/09/random-pseudo-urls-try-to-confuse-anti.html, Sept. 2010.
14. S. Hollenbeck. EPP domain name mapping. RFC 5731, IETF Trust, Aug. 2009.
15. S. Hollenbeck. Extensible provisioning protocol (EPP). RFC 5730, IETF Trust, Aug. 2009.
16. S. Hollenbeck and M. Srivastava. NSI registry registrar protocol. RFC 2832, The Internet Society, May 2000.
17. S. Hollenbeck, S. Veeramachaneni, and S. Yalamanchilli. VeriSign registry registrar protocol (RRP) version 2.0.0. RFC 3632, The Internet Society, Nov. 2003.
18. KnujOn.com, LLC. Internet Security Report: Audit of the gTLD Internet Structure, Evaluation of Contractual Compliance, and Review of Illict Activity by Registrar. http://www.knujon.com/knujon_audit0610.pdf, June 2010.
19. C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. M. Voelker, V. Paxson, and S. Savage. Spamcraft: An inside look at spam campaign orchestration. In Proceedings of the Second USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, USA, Apr. 2009.
20. LegitScript and KnujOn. Rogues and Registrars—Are some Domain Name Registrars safe havens for Internet drug rings? http://www.legitscript.com/download/Roguesand-Registrars-Report.pdf, Apr. 2010.
21. K. Levchenko, A. Pitsillidis, N. Chachra, B. Enright, M. Félegyházi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage. Click Trajectories: End-to-End Analysis of the Spam Value Chain. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), May 2011.
22. C. Ludl, S. McAllister, E. Kirda, and C. Kruegel. On the effectiveness of techniques to detect phishing sites. Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), pages 20–39, 2007.
23. J. Ma, L. Saul, S. Savage, and G. Voelker. Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In Proceedings of the 15th ACM SIGKDD Intl. Conference on Knowledge Discovery and Data Mining, pages 1245–1254. ACM, 2009.
24. T. Moore and R. Clayton. Examining the impact of website take-down on phishing. In eCrime Researchers Summit, pages 1–13, 2007.
25. T. Moore and R. Clayton. The consequence of non-cooperation in the fight against phishing. In eCrime Researchers Summit, pages 1–14, 2008.
26. T. Moore and R. Clayton. The impact of incentives on notice and take-down. Managing Information Risk and the Economics of Security, pages 199–223, 2008.
27. P. Prakash, M. Kumar, R. Kompella, and M. Gupta. Phishnet: predictive blacklisting to detect phishing attacks. In Proc. INFOCOM, pages 1–5. IEEE, 2010.
28. S. Sheng, B. Wardman, G. Warner, L. Cranor, J. Hong, and C. Zhang. An empirical analysis of phishing blacklists. In Sixth Conference on Email and Anti-Spam (CEAS), 2009.
29. S. Sinha, M. Bailey, and F. Jahanian. Shades of grey: On the effectiveness of reputation-based “blacklists”. In 3rd International Conference on Malicious and Unwanted Software (MALWARE), pages 57–64. IEEE, 2008.
30. The Honeynet Project. Know Your Enemy: Fast-Flux Service Networks. http://www.honeynet.org/papers/ff/fastflux.pdf, July 2007.