Russian Registrars Refused to Close Malicious Domain
Spamhaus Project, the anti-spam organization that last year was accused of blackmail by a Dutch ISP, accuses a Russian registrar called NAUNET of knowingly harboring cybercriminals by not taking down their malicious domains.
In the past several months Spamhaus has been fighting a never-ending battle against spam sources, but apparently some Russian domain registrars were reluctant to answer the requests to take down website names that were used by cybercriminals such as botnet operators.
Hundreds of .ru domains were shut down in the past months, most of which were registered through NAUNET.
While last year the company seemed more willing to aid Spamhaus in taking down the rogue domains, starting in 2012 NAUNET began demanding more evidence to support the accusations made by the anti-spam organization.
An example provided by Spamhaus refers to a number of .ru domains utilized by cybercriminals to run a botnet that relied on the banking Trojan known as Feodo.
“While any normal network security person would identify these domain names as clearly malicious, NAUNET refused to suspend these domain names and actually accused Spamhaus of incompetence after we submitted evidence that these domain names were being used by the botnet’s owners,” Quentin Jenkins of Spamhaus wrote.
As it turns out, this is not the first time NAUNET has been flagged as supporting the activities of spammers and other cybercrooks. According to Spamhaus, 95% of the .ru domains registered by the Russian company back in 2008 were used in spam campaigns.
Now the anti-spam organization hopes that Russian domain regulators will either sanction NAUNET, or even shut down its activities for good.
“It may not be known to them, but this one registrar (and its cybercriminal clientele) are doing great harm to the current and future worldwide usability of the .ru domain by legitimate Russian interests. The internet suffers when companies and networks blacklist an entire ccTLD, but it is now happening all over with .ru,” Jenkins concluded.