A crook running several tech support scam operations has managed to register 135 domains, most of which are used in his criminal activities, without anybody preventing him from doing so, which shows the sad state of Web domain registrations today.
His name and email address are tied to 135 domains, as MalwareHunterTeam told Softpedia. Over 120 of these domains have been registered gradually over time.
The full list is available at the end of this article, but most of the domains look shady just based on their names. Really, how safe do you feel navigating to “security-update-needed-sys-filescorrupted-trojan-detected[.]info”? How about “personal-identity-theft-system-info-compromised[.]info”?
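The observation that these names give themselves away can be turned into a triage check that an abuse desk or researcher could run over a registrar dump. The Python below is an added example, not code from Softpedia or from the researchers quoted in this article; the keyword list, the flagging threshold and the registration records (including the registrant addresses) are constructed for illustration, and only the two defanged domains quoted above come from the article. It scores each domain by the number of scam-related terms in its labels, splitting glued words such as "filescorrupted", and then pivots the flagged domains by registrant, which is the grouping that made this one-person operation visible.

```python
"""Lexical triage of domain names plus a registrant pivot (added example)."""
import re
from collections import defaultdict
from functools import lru_cache
from typing import Dict, List, Tuple

# Constructed keyword list (assumption): terms that recur in tech-support-scam
# and scareware domain names. Tune it against your own telemetry.
SCAM_TERMS = frozenset({
    "security", "update", "needed", "sys", "system", "files", "corrupted",
    "trojan", "detected", "virus", "infected", "alert", "warning", "error",
    "critical", "identity", "theft", "compromised", "support", "helpdesk",
    "microsoft", "windows", "call", "blocked", "locked", "scan", "remove",
})
FLAG_THRESHOLD = 3  # constructed: hits needed before a domain is flagged


def defang(domain: str) -> str:
    """Turn the article's 'example[.]info' notation back into a hostname."""
    return domain.strip().lower().replace("[.]", ".")


@lru_cache(maxsize=None)
def segment(token: str) -> Tuple[str, ...]:
    """Split a glued token such as 'filescorrupted' into known terms.

    Returns () unless the whole token is a concatenation of SCAM_TERMS, so
    ordinary words that merely contain a term ('scandinavia') are not counted.
    """
    if token == "":
        return ()
    for i in range(min(len(token), 12), 0, -1):  # longest term is 11 chars
        head = token[:i]
        if head in SCAM_TERMS:
            rest = segment(token[i:])
            if rest or token[i:] == "":
                return (head,) + rest
    return ()


def scam_hits(domain: str) -> List[str]:
    """Return the scam-related terms found in the domain's labels (TLD excluded)."""
    labels = domain.split(".")[:-1]
    hits: List[str] = []
    for tok in re.split(r"[^a-z]+", "-".join(labels)):
        if not tok:
            continue
        if tok in SCAM_TERMS:
            hits.append(tok)
        else:
            hits.extend(segment(tok))
    return hits


# Constructed registration records: (defanged domain, registrant contact).
# The two .info names are the ones quoted in the article; the rest, and all
# registrant addresses, are made up for this example.
RECORDS = [
    ("security-update-needed-sys-filescorrupted-trojan-detected[.]info",
     "registrant-a@example.net"),
    ("personal-identity-theft-system-info-compromised[.]info",
     "registrant-a@example.net"),
    ("pc-virus-alert-call-support-now[.]info", "registrant-a@example.net"),
    ("update-and-security-news[.]example", "editor@example.org"),
    ("news-site[.]example", "someone@example.org"),
]


def triage(records) -> Tuple[Dict[str, Tuple[List[str], bool]], Dict[str, int]]:
    """Score every domain and count flagged domains per registrant contact."""
    per_domain: Dict[str, Tuple[List[str], bool]] = {}
    per_registrant: Dict[str, int] = defaultdict(int)
    for raw, registrant in records:
        domain = defang(raw)
        hits = scam_hits(domain)
        flagged = len(hits) >= FLAG_THRESHOLD
        per_domain[domain] = (hits, flagged)
        if flagged:
            per_registrant[registrant] += 1
    return per_domain, dict(per_registrant)


if __name__ == "__main__":
    domains, registrants = triage(RECORDS)
    for name, (hits, flagged) in domains.items():
        print(f"{'FLAG' if flagged else '    '} {name}: {hits}")
    for contact, count in registrants.items():
        print(f"{contact}: {count} flagged domain(s)")
```

This is triage, not a verdict: a keyword score is cheap to evade by dropping hyphens and English words, and it will also flag legitimate security sites that happen to stack several terms. Pair it with a registered-domain allowlist and, where the registrar exposes it, a registrant pivot like the one above, which is the signal that was missing in the case described here.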
Some domains are still online with active tech support scams
While some are still online and serving tech support scams and scareware, a large share are offline, either taken down or not yet populated with any content. Google's Safe Browsing API flags some of the URLs, but not all of them.
“This is a big business,” MalwareHunterTeam told Softpedia. “And no one on Earth does anything against them,” it adds, reflecting on the lack of any blacklist that can prevent certain individuals with a known history from registering new domains.
“The main problem is that this man could register 100+ scam domains (the domain names are telling that they are scam) starting from the first days of April, without any problem,” MalwareHunterTeam goes on to say. “It’s simply crazy… And it’s just one man.”
MalwareHunterTeam also claims that GoDaddy, the company where most of these domains are hosted, was informed of the problem. “They got the whole list… But their abuse [department] is not really good. Sometimes nothing happens even after a week of contact.”
Web registrars / hosting firms are completely overwhelmed
JamesWT, another security researcher, also says he submitted the same list of suspicious domains to GoDaddy, but the company still hasn't taken the domains down.
Many security researchers seem to have a problem with GoDaddy's slow abuse reporting process. For example, a researcher who goes by the name of Techhelplist on Twitter ran into this when he reported a set of TeslaCrypt C&C servers to the company in December.
An entire week had passed, and GoDaddy's abuse department still hadn't reviewed the report. If you think this has changed since December, it has not. Here's another, more recent report. The tech support scam in that tweet is still alive at the time of writing.
Nobody’s saying that GoDaddy is protecting such activities, but its abuse department is completely overwhelmed at the moment. To be fair, there are plenty of other Web hosting firms that don’t even run an abuse department, and the only way to reach them is through the national CERT teams.
User education is the secret
The only way to fight this epidemic is through the work of security researchers and by educating users about the dangers of such websites.
Malwarebytes has a good resource on the subject that you can read. So do other security vendors, if you take the time to search their wikis or support pages.
At the start of June, the FBI's Internet Crime Complaint Center (IC3) issued an alert regarding a surge in tech support scams. The agency reported on a series of new tricks used in these types of social engineering attacks. IC3 also reported 3,669 cases that caused victims damages of $2,268,982 in the first four months of the year alone.