[dns-operations] shunning malware-hosting registrars

Daniel Sterling sterling.daniel at gmail.com
Tue Jan 28 15:43:21 UTC 2014


Please excuse my ignorance about this topic:

Would it be possible for the larger DNS community to blacklist and
stop serving domains from registrars that are known to be friendly to
malware authors? For example, the recent FileZilla malware [1] uses
domains hosted by Naunet.ru. The Avast staff say that registrar
"ignores requests to suspend illegal domains."

If major DNS providers (ISPs, Google, corporate admins, etc) apply a
blacklist, malicious registrars would be much less valuable, and
malware authors would be forced to hardcode IPs instead of hostnames.
Is this already being done by anyone?

Browsers such as Chrome and Firefox use a blacklist to discourage
users from visiting malware sites, so there is at least some
precedent.

Of course there are technical, logistical, philosophical and possibly
even legal reasons that might make this difficult, but at first take
it seems like this might be an effective malware deterrent.

Thanks,
Dan

[1] http://blog.avast.com/2014/01/27/malformed-filezilla-ftp-client-with-login-stealer/


