Net coverage
Cluck, Cluck… ICANN and Contract Compliance Enforcement
I've always been a fan of co-ops. In New York, we shop at greenstar.coop and my wife banks at alternatives.coop, in the UK we shop at co-operative.coop. So when the .COOP domain opened, I wondered if I could get my own clever domain name, but found that chicken.coop was taken by a small producer co-op in the southern U.S. Drat.
Back in June I got a note from the .COOP registry saying that they were issuing new passwords for zone file access and I needed to confirm my contact details. Out of idle curiosity I took another look at chicken.coop and found that the small co-op had sold out to a large company that didn't look like a co-op to me. So when I sent in my contact details, I asked whether they still restricted registrants to co-ops, and if so they should take a look at chicken.coop. I promptly got a personal note from Carolyn Hoover thanking me for pointing it out, since they were clearly in violation of the rules.
Three days ago I got another note telling me that they'd finally revoked chicken.coop and it's available. (Some friends run a CSA that raises chickens, so maybe they can do a coop-cam.) It's nice that they finally did revoke the non-coop registration but it took six months, which I'd say was slow except that compared to compliance efforts by ICANN it's warp speed. And as far as I can tell, there's still no compliance process in .COOP other than tips like mine.
As ICANN and its contractors are slowly and painfully learning, compliance is hard, it's expensive, and it's only going to get harder and more expensive as time goes on. As has been well documented in the press, for a long time ICANN had no meaningful compliance process for bad WHOIS data. Then they set something up, but it was far too underpowered to deal with all the reports, particularly once Knujon started doing automatic reporting. ICANN is now mostly able to keep up with the reports, but now there's a second round of what to do when the registrars who get the reports don't act on them.
Last week ICANN sent out a press release saying that they'd sent out notices of contract breach to chronic problem registrars joker.com and dns.com.cn. But those registrars have been famous bad actors for years, and ICANN says the process leading to these notices started in November 2007, almost a year ago. That's still orders of magnitude too slow when registrations take no more than hours.
Contract compliance enforcement is hardly a new or obscure activity, and every ICANN contract that affects third parties (notably registry and registrar agreements) is going to need it. I don't have any brilliant ideas here, except that I wish ICANN would take advantage of other people's experience rather than reinventing this wheel from scratch.
More under: Domain Names, Domain Registries, Policy & Regulation, Top-Level Domains
Are You Getting Your News From Spam? My Mother Does
This is a story about my mother and Obama.
My mother: "Have you heard about Obama? Really impressive guy."
Me: "What about him?"
My mother: "x, y and z."
Me: "Where did you hear about this?"
My mother: "I read email too, you are not the only one who is into technology."
Luckily, my mother bases her opinion on more than just spam messages, being an educated woman. I am not sure about others.
I refused to believe this. I still do. Yet, it is true. More and more people get their news from spam, and worse--form political opinions based on what they read in it, especially when their friends send it to them in chain letters ("hey, you have to see this!").
Be it political spam targeted to change the minds of voters, or regular malicious spam catching eyes with political blurbs so that users will open the email messages, these messages reach people, and they read them.
I don't have exact numbers, as I am unaware of research which tried to measure it. I am, however, now facing the truth. What made me wake up was my mother.
Speaking with friends, my mother is far from the only person to be influenced by such email messages, though.
U.S. Department of Commerce Seeking Public Comments for Deployment of DNSSEC
During a conference, "Internet of Things," in France, the U.S. Department of Commerce made the announcement that it will hold a public consultation on the different proposals to cryptographically sign the DNS root zone file, and determine who will hold the root zone trust anchor for global DNSSEC implementation, says Milton Mueller on the Internet Governance Forum blog. The blog, titled "Commerce Department asks the world to comment on its plans to retain control of the root," continues:
"The announcement was made by NTIA's [National Telecommunications and Information Administration, a bureau of the U.S. Department of Commerce] Meredith Attwell Baker, who encouraged other governments to participate in the domestic U.S. proceeding. The announcement occurred after NTIA prevented ICANN, the supposedly independent, global, "bottom up" administrator of the DNS, to hold its own public consultation. Also, DoC says it is awaiting a proposal from ICANN regarding "automation" of certain root functions. ICANN's Paul Twomey, who was on the same panel, declined comment on anything NTIA said; apparently the gag order still holds."
Update 10/09/2008: The official Notice of Inquiry has now been published
Update 10/10/2008: Proposal To Sign the Root Zone Made Public
More under: DNSSEC, Internet Governance, Security
Research Firm Predicts 22.4 million IPTV Subscribers by 2013 in Asia-Pacific
New analysis from Frost & Sullivan research firm suggests that the IPTV subscriber base in Asia-Pacific—covering 13 countries—reached 4.1 million in 2007 and estimates this number to reach 22.4 million by the end of 2013, at a CAGR (compound annual growth rate) of 32.7 percent (2007-2013). Of the 13 countries, eight had commercial IPTV services in 2007, while the rest are conducting trials for expected deployments from 2009 onwards, according to the report. "Many service providers feel the urge to launch IPTV services as a defensive strategy to increase their 'n-play' offerings with one more service."
Asia-Pacific accounted for about a third of the global IPTV subscriber base last year. Apart from South Korea which does not have true IPTV service, the top two Asia-Pac countries by subscribers as at end-2007 are Hong Kong with 24.9 percent (1.02 million subscribers) of the region's IPTV subscriber base and China with 22.7 percent (0.93 million). Hong Kong has the highest household IPTV penetration rate at 45.3 percent, and is the only market where IPTV dominates the pay-TV industry with a 46.7 percent subscriber market share in 2007 through its incumbent PCCW. Cable TV controls 41 percent of Hong Kong's 2.18 million pay-TV subscriber market, while satellite DTH (direct-to-home) services hold the remaining 12.3 percent.
More under: IPTV
The Net Neutrality Conflicts in Obama vs. McCain Presidential Debates?
According to U.S. presidential candidates' position statements on the issues, John McCain is against Net neutrality and Barack Obama supports it. Glenn Derene, senior tech editor of Popular Mechanics who has put some thought into this issue in light of the current presidential race, says Net Neutrality is "one of the few technology issues on which the candidates clearly disagree." Derene explains:
"I invited both campaigns to elaborate on their positions, but in the waning weeks of the race, neither side was willing to take a few moments from their busy schedules and talk technology with me. Nevertheless, the general philosophies of each side seem clear: McCain believes in a lightly regulated Internet, while Obama believes in more government involvement. But it gets a bit more complicated. When it comes to net neutrality, both sides can make a credible case that they're the ones defending freedom of innovation and open communication."
More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation
Peering into Fast Flux Botnet Activity
Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs. The zombies in the network are advertised in DNS records managed by the botnet and act as web proxies, handling the inbound request from a victim and relaying the data from a central machine, often dubbed the mothership. The botnet will advertise some small fraction of the bot population in this DNS map and use it to lure in new victims. One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. Fast flux hosting techniques are used by botnet operators to thwart takedown of their key infrastructure and deny the chance for analysts to inspect the central malicious content server. These sorts of hosting schemes are often resold as bulletproof hosting schemes for a variety of illegal activities.
ATLAS is our data repository, and one of its main focuses is botnet activity tracking; we added fast flux botnet tracking to it earlier this year. The system gathers data by actively polling DNS servers with fast flux domain name queries, recording the answers. Briefly, we watch domain names spammed in email messages and used by malcode and screen them for fast flux characteristics: a very short time to live (TTL), a wide dispersal of hosts that constantly change, and other factors that are consistent with past fast flux botnet behaviors. Once they pass the screening process, ATLAS will enter them into a polling loop to gather as many results for the queries as possible over time. ATLAS will stop tracking the domain name only after it fails to resolve or stops changing, suggesting that it's been disabled. The IP addresses associated with these domain names over time are members of the botnet.
For our study we used 6 months of data gathered by ATLAS representing nearly 1000 unique domain names and 15 million unique IP address and domain name pairs. Using this data set we found the following:
- Most fast flux domains are dormant for more than 30 days before their use in a flux operation; domain name tasting, where a domain name is used for the five day 100% refund grace period, does not appear to be a major factor in fast flux domain name use.
- The global TLD distribution (i.e. .com, .cn, etc.) of fast flux domain names is now wider than originally reported by Holz and company at NDSS in 2007; this issue now affects significantly more registrars.
- We can identify clusters of IPs and associated hostnames, showing how many botnets use how many names. We find only a handful of distinct botnets using fast flux methods.
- Fast flux service networks support a wide variety of online crime activity, such as phishing, malcode delivery, casino advertisements, illegal or questionable pharmacy sites, and other activities.
- Fast flux is a smaller-scale problem than is widely assumed, and only a few thousand hosts globally are involved at any one time. The dollar value of these crimes, however, is significant.
- Hosts involved in fast flux service networks are extremely promiscuous, sometimes having hundreds or even thousands of domain names associated with them, due to the large number of names used by many active fast flux botnets.
- Active DNS probing, which is commonly used to investigate fast flux botnet activities (and was used in our study), does not appear to be an effective, reliable measure of a botnet's size. We found only about 1% visibility into the Storm Worm botnet, and we have not been able to get size estimates of other botnets for comparison.
We also anticipate that this dormant period between the domain name's registration and activation can be used to identify domain names that are similar to other active fast flux names and proactively disable them.
We have taken the analysis we performed in the paper and have expanded it into our ATLAS system. These reports show distinct botnets grouped by domain names, infected hosts around the world, newly discovered domains and the longest lived domains. Our results are further strengthened with the increased visibility we have obtained in the months since the research was first conducted. We have now begun to work with the registrar community to get fast flux domain names deactivated and continue to reach out to new registrars to combat this problem.
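The screening, stop rule and clustering described in the post above can be sketched as follows. This is an added example, not code from the paper or from ATLAS: the thresholds, the function names, the use of /16 prefixes as a stand-in for host dispersal, and the sample poll data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Thresholds are illustrative assumptions, not values from the paper or ATLAS.
MAX_TTL = 300        # seconds; upper bound for a "very short" TTL
MIN_UNIQUE_IPS = 10  # distinct addresses seen across all polls
MIN_NETWORKS = 5     # distinct /16 prefixes, a rough stand-in for dispersal
MIN_CHURN = 0.5      # mean share of each answer that is new since the last poll
STABLE_POLLS = 3     # identical consecutive answers before tracking stops


@dataclass(frozen=True)
class Poll:
    """One recorded DNS answer; an empty ips set means the name did not resolve."""
    ttl: int
    ips: frozenset


def churn(polls):
    """Mean fraction of each answer that was absent from the previous answer."""
    rates = [len(cur.ips - prev.ips) / len(cur.ips)
             for prev, cur in zip(polls, polls[1:])]
    return sum(rates) / len(rates) if rates else 0.0


def screen(polls):
    """Score a domain's poll history against the fast flux characteristics."""
    answered = [p for p in polls if p.ips]  # ignore failed resolutions
    if len(answered) < 2:
        return {"fast_flux": False}
    all_ips = frozenset().union(*(p.ips for p in answered))
    result = {
        "max_ttl": max(p.ttl for p in answered),
        "unique_ips": len(all_ips),
        "networks": len({ip_network(f"{ip}/16", strict=False) for ip in all_ips}),
        "churn": round(churn(answered), 2),
    }
    # A short TTL alone is not enough: the hosts must also be many,
    # widely dispersed, and changing from poll to poll.
    result["fast_flux"] = (
        result["max_ttl"] <= MAX_TTL
        and result["unique_ips"] >= MIN_UNIQUE_IPS
        and result["networks"] >= MIN_NETWORKS
        and result["churn"] >= MIN_CHURN
    )
    return result


def keep_tracking(polls):
    """Stop rule: drop a name once it fails to resolve or stops changing."""
    if polls and not polls[-1].ips:
        return False
    recent = polls[-STABLE_POLLS:]
    return not (len(recent) == STABLE_POLLS and len({p.ips for p in recent}) == 1)


def cluster(domain_ips):
    """Group domains that share at least one observed IP (connected components)."""
    parent = {d: d for d in domain_ips}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path compression
            d = parent[d]
        return d

    owner = {}  # first domain seen advertising each IP
    for domain, ips in domain_ips.items():
        for ip in ips:
            parent[find(domain)] = find(owner.setdefault(ip, domain))
    groups = {}
    for d in domain_ips:
        groups.setdefault(find(d), set()).add(d)
    return sorted(sorted(g) for g in groups.values())


# Constructed sample data: private/documentation addresses and .example names.
FLUX = [Poll(180, frozenset(f"10.{i * 3 + j}.0.1" for j in range(5)))
        for i in range(6)]
STABLE = [Poll(60, frozenset({"192.0.2.10", "192.0.2.11"}))] * 4

if __name__ == "__main__":
    print("flux:", screen(FLUX), "keep tracking:", keep_tracking(FLUX))
    print("stable:", screen(STABLE), "keep tracking:", keep_tracking(STABLE))
    print(cluster({
        "a.example": {"10.1.0.1", "10.2.0.1"},
        "b.example": {"10.2.0.1", "10.3.0.1"},
        "c.example": {"10.9.0.1"},
    }))
```

The stable sample has a 60-second TTL yet is not flagged, because its two addresses never change and sit in one network.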
Follow CircleID on Twitter
We Value Your Opinion: Please participate in this quick survey
Peering into Fast Flux Botnet Activity
Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs. The zombies in the network are advertised in DNS records managed by the botnet and act as web proxies, handling the inbound request from a victim and relaying the data from a central machine, often dubbed the mothership. The botnet will advertise some small fraction of the bot population in this DNS map and use it to lure in new victims. One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. Fast flux hosting techniques are used by botnet operators to thwart takedown of their key infrastructure and deny the chance for analysts to inspect the central malicious content server. These sort of hosting schemes are often resold as bulletproof hosting schemes for a variety of illegal activities.
ATLAS is our data repository and we added fast flux botnet tracking to it earlier this year and one of its main focuses is on botnet activity tracking. The system gathers data by actively polling DNS servers with fast flux domain name queries, recording the answers. Briefly, we watch domain names spammed in email messages and used by malcode and screen them for fast flux characteristics: a very short time to live (TTL), a wide dispersal of hosts that constantly change, and other factors that are consistent with past fast flux botnet behaviors. Once they pass the screening process, ATLAS will enter them into a polling loop to gather as many results for the queries over time. ATLAS will stop tracking the domain name only after it fails to resolve or stops changing, suggesting that its been disabled. This list of IP addresses associated with domain names over time are members of the botnet.
For our study we used 6 months of data gathered by ATLAS representing nearly 1000 unique domain names and 15 million unique IP address and domain name pairs. Using this data set we found the following:
- Most fast flux domains are dormant for more than 30 days before their use in a flux operation; domain name tasting, where a domain name is used for the five day 100% refund grace period, does not appear to be a major factor in fast flux domain name use.
- The global TLD distribution (i.e. .com, .cn, etc) of fast flux domain names is now wider than originally reports by Holz and company at NDSS in 2007; this issue now affects significantly more registrars.
- We can identify clusters of IPs and associated hostnames, showing how many botnets use how many names. We find only a handful of distinct botnets using fast flux methods.
- Fast flux service networks support a wide variety of online crime activity, such as phishing, malcode delivery, casino advertisements, illegal or questionable pharmacy sites, and other activities.
- Fast flux is a smaller-scale problem than is widely assumed, and only a few thousand hosts globally are involved at any one time. The dollar value of these crimes, however, is significant.
- Hosts involved in fast flux service networks are extremely promiscuous, sometimes having hundreds or even thousands of domain names associated with them, due to the large number of names used by many active fast flux botnets.
- Active DNS probing, which is commonly used to investigate fast flux botnet activities (and was used in our study), does not appear to be an effective, reliable measure of a botnets size. We found only about 1% visibility into the storm worm botnet, and we have not been able to get size estimates of other botnets for comparison.
We also anticipate that this dormant period between the domain names registration and activation can be used to identify domain names that are similar to other active fast flux names and proactively disable them.
We have taken the analysis we performed in the paper and have expanded it into our ATLAS system. These reports show distinct botnets group by domain names, infected hosts around the world, newly discovered domains and the longest lived domains. Our results are further strengthened with the increased visibility we have obtained in the months since the research was first conducted. We have now begun to work with the registrar community to get fast flux domain names deactivated and continue to reach out to new registrars to combat this problem.
Follow CircleID on Twitter
We Value Your Opinion: Please participate in this quick survey
Peering into Fast Flux Botnet Activity
Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs. The zombies in the network are advertised in DNS records managed by the botnet and act as web proxies, handling the inbound request from a victim and relaying the data from a central machine, often dubbed the mothership. The botnet will advertise some small fraction of the bot population in this DNS map and use it to lure in new victims. One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. Fast flux hosting techniques are used by botnet operators to thwart takedown of their key infrastructure and deny the chance for analysts to inspect the central malicious content server. These sort of hosting schemes are often resold as bulletproof hosting schemes for a variety of illegal activities.
ATLAS is our data repository and we added fast flux botnet tracking to it earlier this year and one of its main focuses is on botnet activity tracking. The system gathers data by actively polling DNS servers with fast flux domain name queries, recording the answers. Briefly, we watch domain names spammed in email messages and used by malcode and screen them for fast flux characteristics: a very short time to live (TTL), a wide dispersal of hosts that constantly change, and other factors that are consistent with past fast flux botnet behaviors. Once they pass the screening process, ATLAS will enter them into a polling loop to gather as many results for the queries over time. ATLAS will stop tracking the domain name only after it fails to resolve or stops changing, suggesting that its been disabled. This list of IP addresses associated with domain names over time are members of the botnet.
For our study we used 6 months of data gathered by ATLAS representing nearly 1000 unique domain names and 15 million unique IP address and domain name pairs. Using this data set we found the following:
- Most fast flux domains are dormant for more than 30 days before their use in a flux operation; domain name tasting, where a domain name is used for the five day 100% refund grace period, does not appear to be a major factor in fast flux domain name use.
- The global TLD distribution (i.e. .com, .cn, etc) of fast flux domain names is now wider than originally reports by Holz and company at NDSS in 2007; this issue now affects significantly more registrars.
- We can identify clusters of IPs and associated hostnames, showing how many botnets use how many names. We find only a handful of distinct botnets using fast flux methods.
- Fast flux service networks support a wide variety of online crime activity, such as phishing, malcode delivery, casino advertisements, illegal or questionable pharmacy sites, and other activities.
- Fast flux is a smaller-scale problem than is widely assumed, and only a few thousand hosts globally are involved at any one time. The dollar value of these crimes, however, is significant.
- Hosts involved in fast flux service networks are extremely promiscuous, sometimes having hundreds or even thousands of domain names associated with them, due to the large number of names used by many active fast flux botnets.
- Active DNS probing, which is commonly used to investigate fast flux botnet activities (and was used in our study), does not appear to be an effective, reliable measure of a botnet's size. We found only about 1% visibility into the Storm Worm botnet, and we have not been able to get size estimates of other botnets for comparison.
We also anticipate that this dormant period between a domain name's registration and its activation can be used to identify domain names that are similar to other active fast flux names and proactively disable them.
We have taken the analysis we performed in the paper and expanded it into our ATLAS system. These reports show distinct botnets grouped by domain names, infected hosts around the world, newly discovered domains, and the longest-lived domains. Our results are further strengthened by the increased visibility we have obtained in the months since the research was first conducted. We have now begun to work with the registrar community to get fast flux domain names deactivated and continue to reach out to new registrars to combat this problem.
Google's Eric Schmidt: Internet Becoming a Cesspool Where Brands Are Increasingly Important
The Internet is a "cesspool," a festering sea of bad information, said Google's CEO, Eric Schmidt, yesterday while speaking to a group of visiting magazine executives at the company's Mountain View, California campus during the American Magazine Conference. Schmidt suggested that "brands" are more important than ever and are the key solution to this problem. "Brands are the solution, not the problem," said Schmidt. "Brands are how you sort out the cesspool." Branding, on the other hand, may be an essential element that helps people navigate the world, he continued. "Brand affinity is clearly hard wired," he said. "It is so fundamental to human existence that it's not going away. It must have a genetic component."
