Report on Spamvertising and Phishing using.hk Domain Names and McAfee Report. ccnso Meeting June 24, 2008

Similar documents
Public Consultation Paper on.hk Chinese Domain Name Soft Launch and Reserved.hk Chinese Domain Name Categories

APPLICATION FORM - FOR HKIRC S REGISTRAR ACCREDITATION

Bank of america report phishing

Countermeasures against Mobile spam

NOT PROTECTIVELY MARKED PHISHING. July 2016

Improving Domain Names Utilization

Anti-Phishing Working Group

June 2012 First Data PCI RAPID COMPLY SM Solution

Japan s Measures against Spam

2CENTRE A collaborative model for capacity building against cybercrime. Cormac Callanan 2CENTRE Industry Liaison

APWG Global Phishing Survey 2H2010

The Rise of Phishing. Dave Brunswick Tumbleweed Communications Anti-Phishing Working Group

APTLD & MYNIC JOINT SURVEY

All King County Summary Report

Contractual ICANN. An Overview for Newcomers 11 March 2012

Intellectual Property Constituency (IPC)

The Scenes of Cyber Crime

Security Trend of New Computing Era

Seattle (NWMLS Areas: 140, 380, 385, 390, 700, 701, 705, 710) Summary

Next Steps for WHOIS Accuracy Global Domains Division. ICANN June 2015

Seattle (NWMLS Areas: 140, 380, 385, 390, 700, 701, 705, 710) Summary

Seattle (NWMLS Areas: 140, 380, 385, 390, 700, 701, 705, 710) Summary

RDAP Implementation. Francisco Arias & Gustavo Lozano 21 October 2015

ThaiCERT Incident Response & Phishing cases in Thailand. By Kitisak Jirawannakool Thai Computer Emergency Response team (ThaiCERT)

Full Clinical Psychotherapist

Privacy and Proxy Service Provider Accreditation. ICANN58 Working Meeting 11 March 2017

Registry Internet Safety Group (RISG)

CIMA Certificate BA Interactive Timetable

Fast Flux Hosting Final Report. GNSO Council Meeting 13 August 2009

Registrar Stakeholder Mee2ng Tuesday, 25 March 2014

Korea Phishing Activity Trends Report

BANGLADESH UNIVERSITY OF PROFESSIONALS ACADEMIC CALENDAR FOR MPhil AND PHD PROGRAM 2014 (4 TH BATCH) PART I (COURSE WORK)

TLD-OPS Standing Committee Meeting cctld Security and Stability Together

Certified Account Executive in Factoring

ICANN Contractual Compliance. IPC Mee(ng. Tuesday, 25 March 2014 #ICANN49

WHOIS Review Team Internationalized Registration Data Expert Working Group. Margie Milam ICANN October 2015

ISE Cyber Security UCITS Index (HUR)

Directive on security of network and information systems (NIS): State of Play

Obtaining and Managing IP Addresses. Xavier Le Bris IP Resource Analyst - Trainer

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

ICANN Contractual Compliance. ALAC Mee(ng. Sunday, 23 March 2014 #ICANN49

Online Banking Service FAQ(Corporate)

Asks for clarification of whether a GOP must communicate to a TOP that a generator is in manual mode (no AVR) during start up or shut down.

IT Auditing and IT Fraud Detection

Cybersecurity & Spam after WSIS: How MAAWG can help

Overview on the Project achievements

"Stay Smart, Keep Cyber Scam Away" Seminar Build a Secure Cyberspace 2018

APNIC Status Report. ARIN VI Public Policy Meeting 2-44 October 2000

Update on ICANN Domain Name Registrant Work

Asia Key Economic and Financial Indicators

NISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

DMARC Continuing to enable trust between brand owners and receivers

Asia Key Economic and Financial Indicators

IIA Academy YOUR PARTNER IN PROFESSIONAL DEVELOPMENT

SFC strengthens internet trading regulatory controls

Institutionalizing the IANA Functions To Deliver A Stable and Accessible Global Internet for Mission Critical Business Traffic and Transactions

SME License Order Working Group Update - Webinar #3 Call in number:

Way to new challenges

Overview of ITU capacity building activities

Law Enforcement Recommended RAA Amendments and ICANN Due Diligence Detailed Version

Asia Key Economic and Financial Indicators

Attachment 3..Brand TLD Designation Application

Certificate in Security Management

DAS LRS Monthly Service Report

Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database

IP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013

Contractual Compliance Update. Contractual Compliance ICANN 57 5 November 2016

SIMPLEFX AFFILIATION AGREEMENT

Attachment 3..Brand TLD Designation Application

Markets Gateway Roadmap

GMO Internet Group Profile. Internet for Everyone

App Economy Market analysis for Economic Development

Budget Transfers. To initiate a budget transfer, go to FGAJVCM (Journal Voucher Mass Entry). FGAJVCM

Instructor training course schedule v3 Confirmed courses due completion by 31 st July 2019

software.sci.utah.edu (Select Visitors)

We collect information from you when You register for an Traders account to use the Services or Exchange and when You use such Services. V.

Computer

TCL 多媒體科技控股有限公司 T C L M U LT I M E D I A T E C H N O L O G Y H O L D I N G S L I M I T E D ( S t o c k c o d e : )

Dashboard. Jan 13, Jan 8, 2012 Comparing to: Site. 12,742 Visits % Bounce Rate. 00:05:26 Avg. Time on Site.

Online Banking Service FAQ(Corporate)

Digital Signatures Act 1

Service Provider Complaints Statistics for 2012

Searchable WHOIS Terms of Use

Conjure Network LLC Privacy Policy

Home Phone No.: Work Phone No.: Cell Phone No.:

Contractual Compliance

Emergency Nurses Association Privacy Policy

Mile Privacy Policy. Ticket payment platform with Blockchain. Airline mileage system utilizing Ethereum platform. Mileico.com

HPE Security Data Security. HPE SecureData. Product Lifecycle Status. End of Support Dates. Date: April 20, 2017 Version:

Symantec Hosted Services. Eugenio Correnti / Senior Pre-Sales Consultant EMEA 1

Terms of Service. USER means the individual that creates and/or has access to manage or maintain

Access Control and Physical Security Management. Contents are subject to change. For the latest updates visit

San Francisco Housing Authority (SFHA) Leased Housing Programs October 2015

HKISPA Response to the Consultation Paper on the Proposals to Contain the Problem of Unsolicited Electronic Messages.

Phishing Activity Trends Report August, 2005

YOUR BUSINESS Networking Lunch & Vendor Fair

Section I. GENERAL PROVISIONS

Promoting Global Cybersecurity

We offer background check and identity verification services to employers, businesses, and individuals. For example, we provide:

Transcription:

Report on Spamvertising and Phishing using.hk Domain Names and McAfee Report ccnso Meeting June 24, 2008

Agenda Introduction of HKIRC/HKDNR and.hk Domain Figure of Phishing and Spamvertising Common Patterns of Phishing Domain Difficulties Encountered by Domain Registries/Registrars and How HKDNR coped with it McAfee Report 2

Introduction HKIRC is the registry of.hk cctld HKDNR is an operating arm of HKIRC in.hk domain administration. HKIRC/HKDNR is a registry and a registrar (combination model) for.hk domain administration 163,896.hk domain registrations as on 1 Jun 2008 HKDNR set up since 2001. The first phishing domain was reported in Sept 2006, as the time 2 nd level of.hk was actively promoted into the overseas market 3

.hk Domain Categories and Requirements of registration English Domain Chinese Domain Requirement.com.hk. 公司.hk Businesses / companies registered in HK.net.hk. 網絡.hk Entities managing network infrastructure, machines and services with a license (IVANS / ISP) from OFTA of HK.org.hk. 組織.hk Not-for-Profit organizations registered in HK.edu.hk. 教育.hk Registered schools, tertiary institutions and other approved educational institutions in HK.gov.hk. 政府.hk Government Bureaux / Departments of HK.idv.hk. 個人.hk HK Residents (for. 個人.hk, domain shall be the legal name of registrant).hk.hk Local and overseas individual and entities. No documentary proof is required 4

Phishing and Spamvertising (Source: http://en.wikipedia.org) Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. ebay, PayPal and online banks are common targets. Phishing is typically carried out by email. Spamvertising is the practice of sending E-mail spam, advertising a website. In this case, it is a portmanteau of the words spam" and advertising. Spamvertisers insert links to their websites (typically, sites purporting to sell some commercial product). The links typically lead to pills, porn and poker sites. 5

Figure of Phishing and Spamvertising on.hk domains in 2007 & Jan 08 Report of Phishing Month No. of.hk domain reported for Phishing Jan 2007 2 Feb 2007 21 Mar 2007 95 Apr 2007 243 May 2007 114 Jun 2007 234 Jul 2007 159 Aug 2007 294 Sep 2007 5 Oct 2007 139 Nov 2007 93 Dec 2007 278 Jan 2008 259 6 Report of Spamvertising Month No. of.hk domain reported for Spamvertising Jan 2007 35 Feb 2007 66 Mar 2007 105 Apr 2007 643 May 2007 1046 Jun 2007 1326 Jul 2007 8321 Aug 2007 71 Sep 2007 20 Oct 2007 299 Nov 2007 9 Dec 2007 33 Jan 2008 10 * 1,552 spamvertising domains were found and reported by HKDNR in July 07

Figure of Phishing and Spamvertising on.hk domains (Jan 07 Jan 08) Graph Showing Phishing Report (Received VS Suspended) Phishing 400 300 DN 200 100 0 Feb Apr Jun Aug Month Oct Dec Report Received Suspended Graph Showing Spamvertising Report (Received VS Suspended) Spamvertising DN 12000 10000 8000 6000 4000 2000 0 Feb Apr Jun Month Aug Oct 7 Dec Report Received Suspended

Figure of Phishing and Spamvertising on.hk domains (May 07 - May 08) Report of Phishing Report of Spamvertising Month No. of.hk domain reported for Phishing May 2007 114 Jun 2007 234 Jul 2007 159 Aug 2007 294 Sep 2007 5 Oct 2007 139 Nov 2007 93 Dec 2007 278 Jan 2008 259 Feb 2008 200 Mar 2008 8 Apr 2008 3 May 2008 1 Month No. of.hk domain reported for Spamvertising May 2007 1046 Jun 2007 1326 Jul 2007 8321 Aug 2007 71 Sep 2007 20 Oct 2007 299 Nov 2007 9 Dec 2007 33 Jan 2008 10 Feb 2008 1 Mar 2008 12 Apr 2008 6 May 2008 1 8

Figure of Phishing and Spamvertising on.hk domains (May 07 May 08) Graph Showing Phishing Report (Received VS Suspended) DN 400 300 200 100 0 May-07 Jul-07 Sep-07 Phishing Report Nov-07 Jan-08 Month Mar-08 Graph Showing Spamvertising Report (Received VS Suspended) DN 12000 10000 8000 6000 4000 2000 0 May-08 Spamvertising Report Received Suspended Report Received Suspended May-07 Jul-07 Sep-07 Nov-07 9 Jan-08 Month Mar-08 May-08

Control Measures of Phishing and Spamvertising on.hk domains Feb-07 and before: -Based on the report from HKCERT, HK Police, HKDNR verified, suspended phishing domain -Registration Agreement was amended Mar-Apr 07: -HKCERT helped develop guidelines to verify phishing domains so the verification process became faster -HKDNR did verification exercise for spamvertising domains Jun-Jul 07: -HKDNR adopted new online payment method (restricted to accept VBV only / secure code ready credit card) -Upon liaison by OFTA, an international blacklist provider started to provide daily spamvertising list to HKDNR; hence more than 7,000 domains were suspended in Jul Aug 07: -Daily monitoring of new Registration with suspicious payment and registration pattern (e.g. used lost card to settle payment, etc) -Article posted on spamtracker.eu to fight against phishing and spamvertising domains Sept 07: -Article was producing effect, so the numbers decreased Oct-Dec 07: -Situation was back to normal -The registrants applied more than 5 new domains at one time; so the numbers had started to increase From Jan 08 onwards : -HKDNR required documentary proofs for new domain name applications which are suspicious 10

Figure of Phishing and Spamvertising on.hk domains (Jul 07 May 08) Before suspension of >7,000 domains in Jul 2007(20-Jul-07) After suspension of >7,000 domains in Jul 2007 (20-Jul-07) Aug to Dec 2007 Jan to Feb 2008 Mar to Apr 2008 May 2008* No. of.hk PHISHING domains reported per day 5.4 4.3 5.3 7.7 0.2 0.03 No. of.hk SPAMVERTISING domains reported per day 73.5 11.7 2.8 0.2 0.3 0.03 Trends - Phishing and Spamvertizing on.hk domains 15 10 5 5.4 73.5 0 20-Jul-07 Aug to Dec 2007 Jan to Feb 2008 Mar to Apr 2008 May-08 11

What we have found so far? Some reported domains were used for bogus financial business website (e.g. Royal Bank of Scotland, Alliance Leicester Bank, SunTrust, Capital One Bank and ebay, HSBC etc) Some reported domains involved in non-financial sites like pharmacy, casino, porn website Many of these registrants applied 4-9 9 other domains at one time. Many reported domains were connected to name servers or addresses which follow specific patterns Many made payment by using several different credit cards until it succeeded Nearly all the reported phishing domains are 2nd level.hk domain Many of the phishing/spamvertising domains also identified by Firefox as suspected forgery website. Other sources: Antiphishing Group, SpamTrackers 12

Common Difficulties Faced by Domain Registry/Registrar and How HKDNR coped with it Common Difficulties Faced by Domain Registries/Registrars What have been done by HKDNR 1) Do not have expertise to verify if the reported domain is a phishing / spamvertised domain 2) Have no right to cancel phishing domain 3) Too much domain registration barrier will be too complicated for user registrations 13 HKCERT and OFTA offered help in establishing our own verification guideline for phishing and spamvertising Closely monitor the registration pattern by phisher (give us more confidence to take action) Have Objection Procedure in place amend registration agreement so as to give more flexibility and right to take action will be flexible to set barrier for a period of time when it is at CRISIS Level

Participation in Regional/ International Events Involvement and participation in Regional / international conferencing to make effort on combating phishing and spamvertising sites of using cctlds - Digital Phishnet Conference, Singapore Jan 08 - APCERT Annual Conference, Hongkong Mar 08 - Internet and DNS Security(WCSC), KL May 08 - CeCOS II Conference (Anti-phishing Working Group) May 08 14

McAfee Report McAfee published a report on Mapping the Mal Web Revisited in May 2008. The first report was published in Mar 2007. This report said Hong Kong (.HK) soared in 2008 to become the most risky country TLD. and Hong Kong (.hk), which was ranked twenty-eighth most risky overall in 2007, is now the most risky TLD. In fact, the report covered a research for which most data was collected in 2007. But the report called their ranking 2008 ranking. This mislead readers into thinking that.hk is now very dangerous to use. that.hk is now very 15 dangerous to use.

The Way Forward Like the real world, the cyberworld has both good and bad people. Criminals will not disappear overnight. Cyber-criminals are well organized, sophisticated and technically very competent. They are always looking for new ways to conduct phishing and spamvertising which escape notice of law-enforcement agencies and anti-cybercrime organizations. This is a NEVER ENDING BATTLE! Internet users have to be always on alert and conduct their online transactions with care. Public welcome to report on phishing/spamvertising using.hk domains. Phone: 852 2319 1313 Email: abuse@hkdnr.hk 16

17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback