.Asia registry to crack down on phishers

The registry for the new .asia top-level domain is set to ban domain names that are consistently used for phishing sites.

DotAsia Organisation has agreed to implement a policy to ban domain names associated with phishing, said Laura Mather, of the Anti-Phishing Working Group (APWG), a consortium of companies and government groups that studies phishing. She is also a senior scientist at MarkMonitor.

It's the first time that a registry has undertaken such a drastic action to stop the proliferation of fake websites designed to dupe people into divulging sensitive personal data. Registries are organisations that oversee technical implementation of TLDs.

Phishing remains a huge problem despite improvements in security technology. Phishers attract people to their sites by sending links through spam emails. The sites, which spoof well-known brands with similar-looking domain names, are usually kicked off the Internet by Internet service providers after they receive reports that a site is fraudulent.

Often, the phisher switches hosting providers using the same domain name and the game repeats.

Phishers are also increasingly using a technique called "fast flux", which is designed to ensure a website is always available. Fast flux allows a website to resolve to numerous different IP (Internet Protocol) addresses. If one server fails, a person browsing for the site is automatically redirected to another server hosting it.

Phishers are using fast flux with their sites, meaning the site's IP address changes every few minutes, redirecting to countless servers, all of which would have to be taken down. Fast flux makes it very difficult to keep a site off the Internet, turning anti-phishing efforts into an endless game of chase.

"This is the weakest link online today in Internet security," said Gadi Evron, a security evangelist with Beyond Security. "We need to be able to get rid of domain names."

But if the TLD registry takes the domain name out of its system, the site will go down permanently, although there are some technical exceptions. One problem is a feature of the Internet's architecture designed to reduce the burden on nameservers, which match a domain name with its corresponding IP address and enable a website to be delivered in a browser.

When a person visits a particular site, a local nameserver caches the IP address of the domain name. How long the local nameserver refers to its cached record for a website is a feature called "time-to-live," which is set by the owner of the website and remains in the official DNS record for the site.

The problem would come if a registry bans a domain name, but that DNS record is still cached in local nameservers, which would still direct a person browsing to the address, Mather said.
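The two DNS behaviours described above can be checked from resolver logs. The following is an added example, not part of the original article: it flags domains whose A records rotate across many IP addresses with short time-to-live values, and computes how long a record cached before a registry takedown can still be served. The observation format, thresholds, domain names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not real data):
# (unix_time, domain, A-record IP, TTL in seconds), as a resolver log or
# passive-DNS feed might record them. Names and IPs use reserved ranges.
OBSERVATIONS = [
    (0,    "shop.example",       "192.0.2.10",    86400),
    (3600, "shop.example",       "192.0.2.10",    86400),
    (0,    "login-bank.example", "198.51.100.7",  180),
    (200,  "login-bank.example", "203.0.113.21",  180),
    (400,  "login-bank.example", "198.51.100.99", 180),
    (600,  "login-bank.example", "203.0.113.80",  180),
    (800,  "login-bank.example", "192.0.2.200",   180),
]

# Assumed thresholds for illustration; tune them against your own traffic.
MIN_DISTINCT_IPS = 4   # distinct A records seen inside the window
MAX_TTL = 300          # seconds; fast-flux records expire within minutes
WINDOW = 3600          # seconds of history to consider


def flux_suspects(observations, now):
    """Return domains whose A records rotate across many IPs with short TTLs."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for ts, domain, ip, ttl in observations:
        if now - WINDOW <= ts <= now:
            ips[domain].add(ip)
            ttls[domain].append(ttl)
    return sorted(d for d in ips
                  if len(ips[d]) >= MIN_DISTINCT_IPS and max(ttls[d]) <= MAX_TTL)


def cache_exposure_end(observations, domain, takedown):
    """Latest time a resolver that cached the record before takedown may still serve it."""
    expiries = [ts + ttl for ts, d, _, ttl in observations
                if d == domain and ts <= takedown]
    return max(expiries, default=takedown)


if __name__ == "__main__":
    print(flux_suspects(OBSERVATIONS, now=3600))
    print(cache_exposure_end(OBSERVATIONS, "login-bank.example", takedown=700))
```

In this sample the short TTLs that make the rotating domain hard to chase also mean its cached records expire within minutes of a takedown, while the long-TTL domain could linger in caches for up to a day.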
