[dns-operations] shunning malware-hosting registrars

Daniel Sterling sterling.daniel at gmail.com
Tue Jan 28 15:43:21 UTC 2014

Please excuse my ignorance about this topic:

Would it be possible for the larger DNS community to blacklist and
stop serving domains from registrars that are known to be friendly to
malware authors? For example, the recent FileZilla malware [1] uses
domains hosted by Naunet.ru. The Avast staff say that registrar
"ignores requests to suspend illegal domains."

If major DNS providers (ISPs, Google, corporate admins, etc) apply a
blacklist, malicious registrars would be much less valuable, and
malware authors would be forced to hardcode IPs instead of hostnames.
Is this already being done by anyone?

Browsers such as Chrome and Firefox use a blacklist to discourage
users from visiting malware sites, so there is at least some

Of course there are technical, logistical, philosophical and possibly
even legal reasons that might make this difficult, but at first take
it seems like this might be an effective malware deterrent.


[1] http://blog.avast.com/2014/01/27/malformed-filezilla-ftp-client-with-login-stealer/

More information about the dns-operations mailing list