[lac-discuss-en] [lac-discuss-es] Example of DNS abuse
alberto at soto.net.ar
Thu Nov 30 13:12:00 UTC 2023
[[-- Translated text (es -> en) --]]
Dear all, I am copying (translation via Google) an example of DNS abuse,
a topic to be debated, given that it is harming many end users.
Kind regards
Alberto Soto
“It has been six months since Netcraft first reported on the
abuse of the new .zip TLD, describing the fraudulent activity that
we detect and block. Within weeks of its launch, Netcraft
had detected many new .zip domain registrations designed to
exploit the confusion between the new TLD and the .zip file extension for
ZIP files.

So what has changed in the last 6 months? Not much, it seems.

.zip records

The rate of new .zip domain registrations has decreased since our
previous blog post. Despite this, there are now:

- 16,705 .zip domains registered (a threefold increase since our
  previous post)
- 8,432 .zip domains with A records in total (a fourfold increase)
- 4,421 .zip domains with MX records in total, of which only 619 do not
  have A records
- 4,196 different IP addresses for .zip domains in total (a fivefold
  increase)
- 417 .zip domain names that mention 'installer' or 'update' (a
  twofold increase)

Outside of these domains, we discovered five zip bombs in service. Besides,
the larger number of different IP addresses (1 for every 4 domains now,
compared to 1 in 6 domains six months ago) suggests that
.zip domains are becoming more diverse.

Malicious web pages

Netcraft has blocked 50 malicious .zip domains since the previous
publication on May 17, 2023, bringing the total to 56. These domains
mostly impersonate Microsoft, Google and Steam, as illustrated in
the following figure:

Other notable attacks include:

Apecoin[.]zip, first seen August 9, 2023, is a cryptocurrency drain
scam posing as a cryptocurrency trading platform. It intends to add
cryptocurrencies to a user's wallet, but when authorization is granted,
all of the user's assets (cryptocurrencies, NFTs, etc.) are transferred
to the criminals who operate the site. This same technique is being
used by criminals who exploit the generosity of people around the
Gaza conflict.”