Spammers Abusing Domain Parking Service Security Hole
As first reported on the Symantec blog, Symantec software recently detected spammers abusing a security hole at large domain parking services. Symantec has consequently “automatically blocked tens of thousands of these domains”.

The security hole relates to an open redirect script hosted on said parking service providers, which can be used by spammers to redirect to other sites.

How exactly did spammers exploit this security hole?

It’s actually quite simple. Say cooking.com happens to be parked on a parking service provider with this particular security hole. The spammers send an email with text similar to the one below to people they spam:

“Hello, I’d love for you to check out what I have been cooking lately. Just click below:
http://www.cooking.com/redirect/aHR0cDov...mNvbQ==”

The aHR0cDovL3d3dy5teXNwYW13ZWJzaXRlLmNvbQ== above is actually the URL http://www.myspamwebsite.com, base64-encoded, as the exploit requires base64-encoded URLs to work.

So, the people being spammed see a legitimate-looking domain name like cooking.com in their emails, which gives them confidence that their click will take them to a legitimate website – only to be redirected to http://www.myspamwebsite.com.

Obviously, Symantec has spam-blocked a huge number of these domain names, which might even end up being banned by search engines – this is quite bad. Symantec has informed the parking service providers about the security hole, so hopefully the parties involved will work to fix the problem. Let’s hope Symantec will then remove the domain names from their block lists to prevent long-term damage.



About Eranet
Todaynic.com International Limited (Eranet.com) was incorporated in Hong Kong in 2005, directly under Todaynic.com, Inc. which was established in 2000. As one of the first ICANN (The Internet Corporation for Assigned Names and Numbers), Verisign, HKDNR, and CNNIC (The China Internet Network Information Center) accredited registrars, Eranet is also a leading provider of services in domain name registration and web hosting.
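
On the receiving side, a mail filter can catch the redirect described in the post by decoding each path segment of a link and checking whether it hides a URL on a different host. The sketch below is an added example, not part of the original post or Symantec's detection logic; the function names are hypothetical and the sample message is constructed from the post's cooking.com illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def decode_segment(segment):
    """Return the http(s) URL hidden in a base64 path segment, or None."""
    if len(segment) < 12:  # too short to encode even "http://a.b"
        return None
    padded = segment + "=" * (-len(segment) % 4)  # tolerate stripped padding
    try:
        # altchars also accepts the URL-safe alphabet ("-" and "_")
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None
    if text.lower().startswith(("http://", "https://")):
        return text
    return None

def find_encoded_redirects(message):
    """List (link, hidden_target) pairs whose target host differs from the link host."""
    hits = []
    for link in URL_RE.findall(message):
        parts = urlsplit(link)
        link_host = (parts.hostname or "").lower()
        for segment in parts.path.split("/"):
            target = decode_segment(unquote(segment))
            if target is None:
                continue
            target_host = (urlsplit(target).hostname or "").lower()
            if target_host and target_host != link_host:
                hits.append((link, target))
    return hits

# Constructed sample message, built from the example in the post.
SAMPLE_MESSAGE = (
    "Hello, I'd love for you to check out what I have been cooking lately.\n"
    "Just click below:\n"
    "http://www.cooking.com/redirect/aHR0cDovL3d3dy5teXNwYW13ZWJzaXRlLmNvbQ==\n"
    "My older recipes: http://www.cooking.com/recipes/weeknight-dinners\n"
)

if __name__ == "__main__":
    for link, target in find_encoded_redirects(SAMPLE_MESSAGE):
        print(f"{link}\n  -> hidden redirect target: {target}")
```

Only path segments are inspected here; a filter in production would apply the same decoding to query-string values as well.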
