Thursday, June 4, 2009

Unfortunate brand squatting

Hi folks,

A common practice among enterprising webmeisters is what's known as brand-squatting. That's where you find a domain whose owner has neglected, or not bothered, to renew it, and it's up for grabs. If you get something modestly popular, then you get the benefit of whatever residual traffic they've generated as a starting point. Makes sense for most domains.

This time, however, someone re-registered and re-vitalized one of the most notorious brands in malcode history ... coolwebsearch! :-) :-) :-)

Not only that, but while it was a search-enginey kind of page, it was also hosting an exploit!!! Whether that was deliberate or accidental is not clear, but it doesn't matter much as it's down now.

coolwebsearch.us was registered on about the 18th of April 2009, and our first detection was 24th April. Our last was yesterday, but as this graph shows, activity has been tapering off anyway.

Here's a graph of the detection events our users told us about.



As you can see, we had about 11,000 hits spread over 40 days, across 106 countries.

It's a dangerous internet, folks, but at least it's sometimes funny.

Keep safe,

Roger
