[Dot]US Harbors Prolific Malicious Link Shortening Service (krebsonsecurity.com)
Security reporter Brian Krebs: The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year. Researchers at Infoblox say they've been tracking what appears to be a three-year-old link shortening service that is catering to phishers and malware purveyors. Infoblox found the domains involved are typically three to seven characters long, and hosted on bulletproof hosting providers that charge a premium to ignore any abuse or legal complaints. The short domains don't host any content themselves, but are used to obfuscate the real address of landing pages that try to phish users or install malware.
Infoblox says it's unclear how the phishing and malware landing pages tied to this service are being initially promoted, although they suspect it is mainly through scams targeting people on their phones via SMS. A new report says the company mapped the contours of this link shortening service thanks in part to pseudo-random patterns in the short domains, which all appear on the surface to be a meaningless jumble of letters and numbers. "This came to our attention because we have systems that detect registrations that use domain name generation algorithms," said Renee Burton, head of threat intelligence at Infoblox. "We have not found any legitimate content served through their shorteners."
The best part of ID.me (Score:1)
Re: (Score:3)
Phishers and malware purveyors (Score:3)
Wtf? OMG!
This is real (Score:5, Interesting)
Re: (Score:3)
> registered in Singapore
Tell the registrar it violates the .us ToS (USA locus) and if they ignore report them as a non-compliant registrar.
Unless they just went full cash-grab. Shady stuff going on there with their politics.
Nobody cares (Score:4, Insightful)
> The top-level domain for the United States -- .US
Nobody uses .us domains in the USA.
Re: (Score:2)
Zoom does.
Re:Nobody cares (Score:4, Informative)
Microsoft uses like 13 of them [cleanbrowsing.org].
Re: (Score:2)
Do you need any of them though? It doesn't look like anything bad would happen if they were blocked.
Re: (Score:1)
We're talking about Microsoft here, only good things would happen if all of them were blocked.
However, I was addressing the point raised, and passing judgement on Microsoft wasn't the point... as amusing as it is
Zoom does. (Score:2)
https://zoom.us/ [zoom.us]
Even with http://zoom.com/ [zoom.com] that goes there!
Re: (Score:2)
Point... but it still sounds like a lookalike scammer domain at first glance.
Some people will click on anything, but a lot of others see a .us domain and go... nope.
Re: (Score:2)
Yep. I hate it too. Even big companies like using them, shorteners, other third parties, etc. Ugh. It's confusing and scary! It's like, is this legit or fake?
Re: (Score:2)
> The top-level domain for the United States -- .US
> Nobody uses .us domains in the USA.
When the .US domain was first created, I had a domain there, because the requirement to register a .COM domain was that you be verified as a large commercial business. Later, those requirements were dropped, and anyone could register a .COM, and rather than the US Government managing and paying for a single registry, private registrars came into being. And everyone got .COM, be they a random individual, or a non-commercial organization, or even a governmental entity.
It was a while before the .US domain regi
Re: (Score:2)
I got my .org in the first couple of years anyone could do that. A lot of people were cheesed off about it, but most of them got over it and went and got one.
I do slightly regret not getting a good .com back when that was possible.
I also used to own fascination.st but I let someone who really cared about The Cure have it.
Oh, come on (Score:2)
You know what domain hosts orders of magnitude more malicious actors? .com.
I resent .us being demonized (and yes, my domain is .us, because I'm not a business, an educational institution, or an organization).