Registrars Release Suspended Domains to Attackers
Mary Landesman writes on the ScanSafe STAT Blog:
A new outbreak of SQL attacks began on the 8th. Not that they ever really go away, but new waves replace the old ones. The attackers are using a much larger number of domains than seen in previous months. Just 11 days into June, and already 54 of these domains have been observed. Many of these are previously suspended domains that registrars have released back to the attackers. More here.
The end result, some of the domains involved in the late May and early June attacks are now active again. Thus not only newly compromised sites are foisting the malware, but any sites previously compromised that have not cleaned up their pages (and properly parameterized their SQL queries) will now once again be serving as conveyor belts for password stealing trojans.
Note: This is exactly illustrative of the problems that are enormous in the entire domain registration process, and how criminals are continually gaming the domain registration process without fear of retribution or punishment. This has got to change -- these domain registration policy loopholes must be closed -- before we can even begin to have an impact on the criminal manipulation of the domain registration process. -ferg