Hara maheshvara shulapani pinakadhrik pashupati shiva mahadeva
|
|
|
Security experts claim Google's .co.cc ban is inefficient
SECURITY EXPERTS have criticised Google's decision to ban all .co.cc domains from search results, claiming that it's both inefficient in preventing abuse and unsustainable in the long run.
Google took the unprecedented step of deindexing the entire .co.cc second-level domain (SLD) at the beginning of this month because of the high number of malicious web sites registered under that namespace.
The internet search giant hinted that something like this might happen in an earlier blog post about abusive bulk subdomain services, in which it said that "in some severe cases our systems may now flag the whole bulk domain".
The .co.cc registry is run by a Korean company and contains over 11.3 million domain names. The service allows bulk registrations of up to 15,000 domain names. Its low price and flexibility have made .co.cc domains a favorite for cyber-criminals, especially those running fake antivirus schemes.
However, it isn't the only SLD available to scammers. According to security researchers from Trend Micro, while co.cc is responsible for the highest number of malicious URLs, co.tv, wo.tc, dlinkdns.com, cz.cc and other similar services also rank high in the statistics.
Trend Micro experts see several flaws in Google's approach to this problem. First of all, any of the aforementioned SLDs can take .co.cc's place if the cyber crooks are no longer satisfied with the service.
This will lead to more bans, each of them hurting non-abusive domain owners as well. In fact, legit .co.cc web sites are probably most affected by the current ban anyway, because online criminals regularly keep these domains out of search results.
"If we chart the typical infection chain for the majority of blackhat SEO attacks nowadays, you will notice that the malicious SLDs are more often used for the second, third, up to the fourth jumps or redirections.
"The doorway pages - those that are actually indexed by search engines - very rarely use *.co.cc. So, blocking these makes no sense," argues Martin Roesler, Trend Micro's director of threat research.
And Google's approach will be even more problematic in the future. Beginning in 2012, ICANN will expand the domain name system by allowing the registration of arbitrary top-level domains (TLDs). This will significantly increase the number of options for cyber-criminals and will make ban enforcement much harder.
Security experts think that the best way to tackle this is for Google to work with TLD registry operators to put pressure on SLD owners to keep their houses clean. For example, the .cc registry operator has the power to suspend all .co.cc web sites and prevent them from working. Such a measure would hurt cyber-criminals a lot more than Google's ban and would put pressure on bulk registrars to clean up their acts. µ
Share this:
Share
The TLD registration is arguably fraudulent - cocos and keeling is part of australia with no "natives" - the domain was registered and has mostly operated out of a suburb of Brisbane by someone with no discernable connection to the island.
As far as I can tell the only reason the Aussies keep the physical place is because of its proximity to Indonesia, otherwise it'd just be one of thse uninhabited islands dotting the oceans.
Ban them all! well i cant agree to that, where are we now China, LOL Google disagreed about how china wanted them to run google and what they do now, sensoring searches in them engine. Way to go foogle, way to go. So what happened to all the legal nonscamming sites like mine and many others. Just one question which seiusly foogle dont care any about.
We need uninstall all chrome browsers, and all foogle tools and start use yahoo or bing, atleast they dont kick like 11 miliion sites of the web, coz some of them where bad.
We got foogled!
Now that the US fascist types took control of .com and .net I think more and more people are forced to use alternatives not under US control, and seeing in general most country domains are also under the thumb of the nasty boys (who are often puppets of the US too) you are left with the same choices the dodgy people use.
So this seems odd timing.. unless google is on purpose playing along with eroding any escape into freedom.
I mean it's not like the use of those domains by dodgy types is new, I recall learning many years ago to not click on links with those domain extensions without some earnest thinking and checking beforehand, and they were probably using those domains before google even started.
Bravo Google! Ban all those worthless spam-ridden domains. The higher prices of other domain registrars will help keep most of the riff-raff out. After all, the (lack of) cost of sending out emails is why spam is so easy and attractive. I know I don't even allow entire continents to access my servers or send me email. No tears shed here!