Spammers switch to free Web hosting providers

Dec 21, 2009 15:55 GMT  ·  By
Spammers stop using .cn domains after change in registration policy
3 photos
   Spammers stop using .cn domains after change in registration policy

Security researchers point out that spam containing links to abusive .cn domains is on the decline. This trend seems to be related to new domain registration requirements recently introduced by China's Internet Network Information Center (CNNIC).

On December 11, CNNIC announced that a stricter registration procedure would be introduced for .cn domains. The new regulation states that "Domain name applicants need to submit the formal paper based application material when making the online application to the registrar. The application material includes the original application form with business seal, company business license (photocopy), and registrant ID (photocopy)."

According to the organization, which manages the .cn tld, the registrar must in turn send it a copy of this application material via e-mail or fax, otherwise, it will proceed to delete the domain name within five days. This new policy was meant to prevent the use of .cn domains for inappropriate adult material and went in effect on December 14.

However, "since .cn domains have been the call-to-action in 35-50% of all spam being sent for well over a year, we were wondering what effect this policy change may have on the prevalence of this TLD in spam," writes Brett Cove, working for SophosLabs. Therefore, researchers from the antivirus vendor have put up some graphs showing the prevalence of .cn domains in spam during December.

The statistics reveal that .cn spam fluctuated around the 40% mark until December 11, when it suddenly spiked to reach over 50% on December 13. Since then until December 15, it dropped to around 30% and continued to decline to under 20% on December 17. This suggests that spammers are moving away from the .cn domain space.

Meanwhile, the use of free Web hosting services in spam has suddenly started to rise. Between December 14 and December 17, the prevalence of such links in spam increased by 25%. "Three specific free webhosting services [livejournal.com, spaces.live.com and imageshack.us] seem to currently be the favorite of these specific Canadian Pharmacy spammers," notes Mr. Cove.

A report recently released by security vendor McAfee puts .cn (China) as the third riskiest top-level domain (TLD) this year, after .cm (Cameroon) and .com. According to the company's findings, about one in four domains in the .CN namespace had some connection to malicious activities. CNNIC might be following the example of Hong Kong's Internet Registration Corporation, which, through similar aggressive measures, drastically reduced the abuse of .hk domain names.

Photo Gallery (3 Images)

Spammers stop using .cn domains after change in registration policy
Graph showing use of .cn domains in spam during DecemberGraph showing use of particular free Web hosting providers in spam during December
Open gallery