Jul 14, 2011 16:46 GMT

Pushed by the recent Google ban on .co.cc, cyber criminals have begun migrating to alternative bulk domain providers, making it harder for both Google and the rest of the world to block the malicious sites en masse.

At the beginning of the month Google took the unprecedented measure of deindexing all .co.cc websites from its search engine because of the unusually high abuse registered under the domain.

The .co.cc second-level domain (SLD) is used as a bulk domain registration service and had become a favorite for cyber criminals to host their scareware and phishing pages.

Security researchers have not endorsed Google's decision because the measure does not prevent the abuse and probably hurts more legit domain owners than cyber criminals.

However, it now looks as though the move might even have negative consequences. Security researchers from Kaspersky warn that cyber criminals have begun dropping .co.cc in favor of alternative SLDs like co.cz, uni.cc, and bz.cm.

"Google’s actions may not have been very beneficial. On the one hand, they have removed a huge amount of malicious resources from their resource. On the other hand, they have forced out a lot of legitimate websites," says Kaspersky Lab expert Eugene Aseev.

"Moreover, as there are many services like co.cc, the cybercriminals will quickly switch over to another service, making the blocking of just one zone completely pointless," he concludes.

Having malicious domains spread across several SLDs instead of just one makes blocking harder not only for Google, but also for network administrators who might have prevented access to .co.cc domains from their networks.

Blocking complete access to the domains is much more efficient than removing them from search results, because in most cases the malicious .co.cc domains are used for landing pages or second- and third-level redirects. This means they didn't appear in search results in the first place.
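
The network-level blocking described above, sketched as an added example (not code from the article or from Kaspersky): a label-aware matcher that checks proxy log entries against a list of bulk-registration zones, so one list covers several SLDs. The log format, function names and sample entries are assumptions made up for the illustration.

```python
from urllib.parse import urlsplit

# Zones named in the article; a real deployment would maintain its own list.
BLOCKED_ZONES = frozenset({"co.cc", "co.cz", "uni.cc", "bz.cm"})

def blocked_zone(host, zones=BLOCKED_ZONES):
    """Return the blocked zone `host` falls under, or None.

    Compares whole DNS labels, so "notco.cc" does not match "co.cc" the way
    a plain endswith() test would.
    """
    labels = host.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zones:
            return suffix
    return None

def scan_proxy_log(lines):
    """Return (client, host, zone) for each request to a blocked zone.

    Assumed line format: "<timestamp> <client-ip> <url or host:port>".
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip
        client, target = parts[1], parts[2]
        # CONNECT-style entries carry no scheme; "//" lets urlsplit find the host.
        url = target if "://" in target else "//" + target
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:
            continue  # unparseable target
        zone = blocked_zone(host)
        if zone:
            hits.append((client, host, zone))
    return hits

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2011-07-14T16:40:01Z 10.0.0.5 http://update-scan.co.cc/landing",
    "2011-07-14T16:40:07Z 10.0.0.5 http://cdn.redirect.uni.cc:8080/r?id=1",
    "2011-07-14T16:41:12Z 10.0.0.9 http://notco.cc/music",
    "2011-07-14T16:41:30Z 10.0.0.7 secure-login.bz.cm:443",
    "2011-07-14T16:42:02Z 10.0.0.9 http://co.cc.example.org/",
    "2011-07-14T16:42:40Z 10.0.0.7 http://FREE-AV.CO.CZ./",
]
```

Calling `scan_proxy_log(SAMPLE_LOG)` flags four of the six entries; the two that merely contain a zone name as a substring or prefix are left alone.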