Sep 23, 2010 13:16 GMT
New registration policy for .RU domain registration fails to reduce abuse levels

The introduction of tougher requirements for the registration of .RU domains back in April failed to prevent spammers and other cybercriminals from abusing Russia's TLD.

According to Web and email security solutions provider M86 Security, .RU is currently the second most abused top-level domain after .COM.

"Every day we see a continuous stream of newly registered .ru domains in spam email. In fact, in the last month one third of all unique domains we have seen in spam have been .ru domains," Gavin Neale, a researcher with M86 Security, notes.

This comes as a surprise, because earlier this year the Coordination Center for TLD RU made changes to its registration procedure, requiring every new applicant to provide a copy of their passport or state-issued certificate (for legal entities).

In December 2009, China's Internet Network Information Center (CNNIC), the organization administering the .CN TLD, introduced similar policy modifications, which resulted in an immediate decrease in abuse involving the domain extension.

The reason why the new .RU registration requirements failed to produce a similar effect might lie with two domain registrars called Naunet and Reg.ru.

M86 reports that last month, 4,000 .ru domains used in spam were registered through Naunet and 1,800 through Reg.ru.

Reg.ru in particular offers bulk registration of up to 600 domains using the same contact information and seems to be favored by Canadian Pharmacy spammers.

"These spammed web sites are generally non-malicious as in they don’t try to exploit vulnerabilities on the visitor’s machine, although we’re not sure they would be so generous with your credit card details if you were to buy one of their ‘products’," Mr. Neale says.

However, in addition to spam, some domains registered through the aforementioned companies have been used as ZBot or Asprox command and control servers. Obviously, both registrars ignore abuse reports and fail to suspend domains involved in illegal activities.