Despite its illegal nature, the industry revolving around cybercrime follows the same rules characteristic for any human economic enterprise: those who discover a need, create a product or service that will satisfy that need and sell it to the highest bidder will prosper.
Among those are surely the software developers that manage to automate a lot of boring and time-consuming tasks for the crooks engaged in the actual money/information stealing.
Webroot’s researcher Dancho Danchev is known for keeping a tab on such tools and services being offered on underground forums, and his latest discovery involves a malicious domain name registering/managing service.
As a rule, cyber crooks attempting to increase the life cycle of their malicious campaigns will use domains hosted on bulletproof servers, fast-fluxing (automatic rotation of the domain’s IP address), and random domain name generation. This recently discovered service makes it easier for the criminals to effectively execute this last step.
“Fast domain registration frees you from routine,” boasts the service. “Using our service, you can register domain scores in 3 clicks.”
“The service allows them (cybercriminals) to register randomly generated domains in mass, instantly change IPs and Name Servers, and cross-reference with anti-spam checklists for verification of clean/flagged IPs,” Danchev explains.
It also allows filtering of the database of the domains that were registered using the service, and checking whether any of those domains has been blacklisted.
Cyber crooks can choose between a number of TDLs: .in, .org, .pro, or a combination of them. The price, of course, varies, with .pro being the cheapest at $5.
Finally, the availability of the generated domains is verified, and the criminals can proceed to register them and use them.