Spammers Abusing Domain Parking Service Security Hole
#1
As first reported on the Symantec blog, Symantec software recently detected spammers abusing a security hole at large domain parking services. Symantec has consequently “automatically blocked tens of thousands of these domains”.

The security hole relates to an open redirect script hosted on said parking service providers, which can be used by spammers to redirect to other sites.

How exactly did spammers exploit this security hole?

It’s actually quite simple. Say cooking.com happens to be parked on a parking service provider with this particular security hole. The spammers send an email with text similar to the one below to people they spam:

“Hello, I’d love for you to check out what I have been cooking lately. Just click below:
http://www.cooking.com/redirect/aHR0cDov...mNvbQ==”

The aHR0cDovL3d3dy5teXNwYW13ZWJzaXRlLmNvbQ== above is actually url http://www.myspamwebsite.com base64 encoded as the said exploit requires base64 encoded urls to work.

So, the people being spammed are seeing a legitimate looking domain name like cooking.com in their emails which gives them confidence that their click will take them to a legitimate website – only to be redirected to http://www.myspamwebsite.com.

Obviously, Symantec has spam blocked a huge number of these domain names which might even end up being banned by search engines – this is quite bad. Symantec has informed the parking service providers about the security hole so hopefully the parties involved will work to fix the problem. Let’s hope Symantec will then remove the domain names from their block lists to prevent long term damage.



About Eranet
Todaynic.com International Limited(Eranet.com) was incorporated in Hong Kong in 2005, directly under Todaynic.com, Inc. which was established in 2000. As one of the first ICANN (The Internet Corporation for Assigned Names and Numbers), Verisign, HKDNR, and CNNIC (The China Internet Network Information Center) accredited registrars, Eranet is also a leading provider of services in domain name registration and web hosting.

Register domain names here
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  How To Secure My Domain Name ? manoharparakh 0 180 02-02-2024, 09:32 AM
Last Post: manoharparakh
  domain lawyer DNSBroker 13 11,019 04-18-2018, 12:01 PM
Last Post: Laxmi123
  How do i sell this valuable domain? fourwings 34 17,386 01-20-2018, 09:47 AM
Last Post: Sobhana123
  The domain register tips and steps-Shanghai IDC Co., Ltd WebGuru8 11 9,053 01-11-2018, 05:17 AM
Last Post: Sobhana123
  Why register a domain Williamhawk 0 1,657 12-15-2017, 05:15 AM
Last Post: Williamhawk
  Domain Hosting and Mail Different Server Williamhawk 0 1,805 12-12-2017, 05:10 AM
Last Post: Williamhawk
  Olympic related domain names Takwa 12 9,835 11-16-2010, 10:04 AM
Last Post: agrajtech11
  Problems registering .US domain names fleahol 26 14,472 07-15-2010, 08:22 AM
Last Post: user123
  New NY Bill Involving Domain Names Dave Zan 6 6,143 08-19-2007, 03:02 PM
Last Post: Ardoris
  Trademark service? llegent 10 7,969 01-09-2007, 01:38 AM
Last Post: Domaineer

Forum Jump:


Users browsing this thread: 1 Guest(s)