New domain names a haven for hackers, security experts warn
14.06.2012 | 19:36The planned introduction of more than 1,900 new generic top-level domain (gTLD) names by Internet Corporation for Assigned Names and Numbers (Icann) could have security implications, researchers have warned.
The plan to allow web addresses ending in hundreds of generic words, such as .flowers and brand names such as .google and .pepsi, is the most dramatic change to the internet in decades.
Icann hopes to have the first of the new domains live by early 2013, but members of the security industry have raised concerns that the opportunity could be exploited by cybercriminals.
As unfamiliar domain names begin to proliferate, there are fears that cybercriminals could use well-known brand names to create malicious sites that look legitimate and have plausible web addresses.
"It will be increasingly difficult for consumers to instinctively know what may be an illegitimate site carrying potential threats," said Carl Leonard, senior security research manager for Europe at security firm Websense.
Such sites are typically used for phishing attacks or the delivery of malware to unsuspecting visitors.
In the beginning, web users will tend to trust e-mails received from “yourbank.bank” without having any way of knowing exactly who sent the message, said Leonard.
"Icann will need strict enforcement of its policies and stringent evaluation procedures for generic top-level domains so that the bad guys don’t get their hands on them,” he said.
According to Leonard, businesses will also have to take care to ensure their reputation is not damaged by criminals registering their brand name in a .xxx domain, for example.
The high price of the entrance fee to apply for a TLD should be a deterrent to cybercriminals, he said, but businesses still need to take precautions.
"First, they need to ensure that their brand is protected by pre-registering their company name and trademarks under the new top level domains and secure the rights to these.
Second, take precautions so that employees are not accidentally accessing bogus sites by ensuring they protect access to these malicious sites in real time," he said.
Jason Rawkins, partner and domain names specialist at law firm Taylor Wessing, said brand owners will need to keep a close eye on the registration of their brands at the second and subsequent levels by other applicants.
"For example, fashion companies such as Prada and Hermes will want to make sure that whoever is awarded the .fashion domain does not allow a third party to register prada.fashion or hermes.fashion," he said.
by Warwick Ashford
The latest news
- 17.05.2013 | 16:42 Experts ding DHS vulnerability sharing plan as too limited
- 17.05.2013 | 16:41 Facebook, Twitter, Tumblr apps come to Google Glass
- 17.05.2013 | 16:40 Did Stuxnet help rather than hinder Iran’s nuclear program?
- 17.05.2013 | 16:22 EU may consider 'hack-back' legislation
- 17.05.2013 | 16:21 Malicious YouTube Pages Targeting Chrome Users
- 17.05.2013 | 16:13 ESET Uncovers Cyber Espionage Campaign Targeting Government Agencies in Pakistan