[lac-discuss-en] [lac-discuss-es] Ejemplo abuso DNS

alberto at soto.net.ar alberto at soto.net.ar
Thu Nov 30 13:12:00 UTC 2023



Dear all, I copy below (translated via Google) an example of DNS abuse,
 a topic to be debated, given that it is harming many end users.

 Kind regards

 Alberto Soto



 “It has been six months since Netcraft first reported on the
 abuse of the new .zip TLD, describing the fraudulent activity that
 we detect and block. Within weeks of its launch, Netcraft
 had detected many new .zip domain registrations designed to
 exploit the confusion between the new TLD and the .zip file extension
 used for ZIP files.



 So what has changed in the last 6 months? Not much, it seems.



 .zip records

 The rate of new .zip domain registrations has decreased since our
 previous blog post. Despite this, there are now:



 16,705 .zip domains registered (a threefold increase since our
 previous post)

 8,432 .zip domains with A records in total (a fourfold increase)

 4,421 .zip domains with MX records in total, of which only 619 do not
 have A records

 4,196 different IP addresses for .zip domains in total (a fivefold
 increase)

 417 .zip domain names that mention 'installer' or 'update' (a
 twofold increase)



 Among these domains, we discovered five zip bombs in service. In addition,
 the larger number of different IP addresses (1 for every 4 domains now,
 compared with 1 in 6 domains six months ago) suggests that
 .zip domains are becoming more diverse.



 Malicious web pages

 Netcraft has blocked 50 malicious .zip domains since the previous
 publication on May 17, 2023, bringing the total to 56. These domains
 mostly impersonate Microsoft, Google and Steam, as illustrated in
 the following figure:





 Other notable attacks include:



 Apecoin[.]zip, first seen August 9, 2023, is a cryptocurrency-draining
 scam posing as a cryptocurrency trading platform. It purports to add
 cryptocurrency to a user's wallet, but once authorization is granted it
 transfers all of their assets (cryptocurrencies, NFTs, etc.) to the
 criminals who operate the site. The same technique is being used by
 criminals who exploit the generosity of people around the Gaza
 conflict.”
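The confusion the quoted report describes (a hostname under the .zip TLD reading like a ZIP file name) is something a defender can look for in proxy and mail logs. The following Python is an added example, not code from Netcraft or from this list; it runs over a few constructed log lines, flags URLs whose host sits under .zip, flags bare "name.zip" tokens in message text that a reader may take for an attachment, and notes the 'installer'/'update' words the report counts. The log format, the sample lines and the LURE_WORDS list are assumptions made for the example.

```python
"""Flag .zip-TLD hostnames in constructed proxy/mail log lines (added example)."""
import re
from urllib.parse import urlsplit

# Words the quoted report tallies in .zip domain names; extend as needed (assumption).
LURE_WORDS = ("installer", "update")

# Matches an http(s) URL up to the next whitespace or quote character.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Matches a bare token such as "installer.zip" outside of any URL.
BARE_ZIP_RE = re.compile(r"\b([a-z0-9][a-z0-9.-]*\.zip)\b", re.IGNORECASE)

# Constructed sample log lines in an assumed "<source> <timestamp> key=value" format.
SAMPLE_LOG = [
    'proxy 2023-11-30T13:12:00Z user=alice url="https://update.zip/setup" action=allow',
    'proxy 2023-11-30T13:13:05Z user=bob url="https://example.com/files/archive.zip" action=allow',
    'mail 2023-11-30T13:14:10Z from=hr@example.org subject="Please open installer.zip today"',
    'proxy 2023-11-30T13:15:00Z user=carol url="https://docs.example.net/guide" action=allow',
]


def zip_tld_host(url):
    """Return the lower-cased hostname if the URL's host is under the .zip TLD, else None."""
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.rstrip(".").lower()
    return host if host.endswith(".zip") else None


def lure_words(host):
    """Return the lure words that appear in any label of the hostname."""
    labels = host.lower().split(".")
    return [w for w in LURE_WORDS if any(w in label for label in labels)]


def scan(lines):
    """Return a finding per .zip-TLD URL host and per bare name.zip token in each line."""
    findings = []
    for n, line in enumerate(lines):
        # URLs whose registered name ends in .zip: the host is a domain, not a file.
        for url in URL_RE.findall(line):
            host = zip_tld_host(url)
            if host:
                findings.append(
                    {"line": n, "kind": "zip_tld_url", "host": host, "lure": lure_words(host)}
                )
        # Outside URLs, a token like "installer.zip" may be read as a file name but is
        # also a valid hostname that a mail client may turn into a link.
        remainder = URL_RE.sub(" ", line)
        for tok in BARE_ZIP_RE.findall(remainder):
            tok = tok.lower()
            findings.append(
                {"line": n, "kind": "bare_zip_token", "host": tok, "lure": lure_words(tok)}
            )
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['kind']} host={f['host']} lure={f['lure']}")
```

A URL whose path ends in archive.zip on an ordinary domain produces no finding, because only the host part is checked; the point of the check is the host, not the file name. Findings are data rather than verdicts, so the same function can feed an alert rule or a triage list without deciding policy.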


