I ran into an interesting, and troubling, situation today where some folks I know received an email informing them that their domain was being used in a DDoS attack on a website in Australia.
The really weird thing was that the website listed in the complaint email was one they had never heard of.
At first glance, it appeared to be some kind of phishing email. But upon digging further, it turned out that the domain the complaint named was indeed listed under the address and phone number of my associates for technical, organization, and billing contacts. Only the email address was different (clearly a one-off Yahoo mail address).
Someone had lifted the contact information of my associates, either from one of their legitimate domain registrations or from their corporate site, and used it to register a domain at Yahoo! Domains. The domain was then used in a DDoS attack and the blame (at least initially) fell on my associates.
There is no reason that whoever was behind this could not have inserted my associates' corporate email too, leaving no trail at all (especially if they used a stolen credit card number for the transaction, as I suspect they did).
With enough domains falsely registered under a single company's contact info, not only could a DDoS service be launched, but the spoofed company could end up spending a tremendous amount of time clearing their name and getting rid of the spoofed domain registrations. A double DDoS. One virtual. One real.
I have to admit, I'm actually surprised I haven't heard about this being a widespread problem... it certainly seems like it could easily and quickly become one.
I must give a plug for Yahoo here... once contacted, they quickly shut down and canceled the domain and promised to investigate further.