Infosecurity has recorded hundreds of domain names similar to the names of popular brands

Using the ETHIC service, Infosecurity experts have found mass registration of domains imitating famous brands in the Russian Internet. Below we explain for what purposes the new sites, with servers in Belize, were created.

In recent days, Infosecurity Company has recorded the growing popularity of domain names in the .RU zone with various combinations of names of popular brands ending with -off. The number of such domain names is already in the hundreds, and they keep appearing. Even though none of these domains are linked to any active website, all this may signal an impending large-scale phishing attack.

Infosecurity specialists believe that all these domain names were registered by one person or one group of persons, as all the new resources have common features. Firstly, the domains are registered through the same Russian registrar company, and secondly, they are all tied to a server located on the technical premises of Ispiria Company in Belize, a small country in Central America. This company is often used to host phishing and other malicious sites.

“In just one day, on October 20, our ETHIC threat detection service recorded 192 new domain names ending in -off.ru. Considering that the cost of registering one domain name by the selected registrar is 199 rubles, the total costs of the buyer of these domains amounted to about 40 thousand rubles. This is quite a significant amount of money, so hardly anyone registered all these domain names just for fun; most likely the domain owner will soon start to monetize them. There are a lot of monetization scenarios: they can be used to boost network traffic, for phishing mailings, or to create full-fledged phishing sites,” – Sergey Trukhachev, Head of Special Services Unit at Infosecurity, says.

So far, no clear pattern has been found in the selection of brands. The list of domains includes oil companies, pharmacies, mobile operators, and fashion brands popular in Russia.

The Company's experts warn that the surge of resources whose domain names match the names of brands should be a wake-up call for these brands’ owners. In the current environment, any activity involving these domain names should be closely monitored so that protective measures can be taken quickly.

26 October 2020
