Latest news of the domain name industry

dotFree settles Microsoft botnet lawsuit

Kevin Murphy, October 28, 2011, Domain Registries

One of the companies that plans to apply for the .free top-level domain next year has settled a lawsuit filed by Microsoft over claims it was involved in running the Kelihos botnet.

The suit, filed in late September, had alleged that Czech-based dotFree Group and its CEO, Dominique Piatti, were behind dozens of domains used to spread malware.

dotFree already runs the free .cz.cc subdomain service, which isn’t what you’d call a trustworthy namespace. The whole .cz.cc zone appears to be currently banned from Google’s index.

This week, Microsoft has dropped its claims against the company and Piatti, saying it will instead work with the company to try to help clean up the free .cz.cc space.

Microsoft said on its official blog:

Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet. Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti’s cz.cc domain.

As part of the settlement, Mr. Piatti has agreed to delete or transfer all the subdomains used to either operate the Kelihos botnet, or used for other illegitimate purposes, to Microsoft. Additionally, Mr. Piatti and dotFREE Group have agreed to work with us to create and implement best practices to prevent abuse of free subdomains and, ultimately, apply these same best practices to establish a secure free Top Level Domain as they expand their business going forward.

Expect this issue to be raised if and when .free becomes a contested gTLD application.

Windows 8 and the emotional reaction to new gTLDs

Kevin Murphy, September 14, 2011, Domain Policy

Watching videos and reading reports about the Windows 8 demos at Build 2011 yesterday, I found myself experiencing a quite overwhelming feeling of despair.

I’m not usually what you’d call an early adopter.

I did buy my current laptop on the day Windows 7 was released. Not because I’m a Microsoft fanboy; I just needed a new laptop and figured I may as well wait for the new OS to come out.

I resisted buying a mobile phone until 2006. The one I have now cost me £5. I have literally no idea if it does internet or not. The thing I thought was a camera lens turned out to be a flashlight.

I bought an iPod once, but the only reason I haven’t stamped it to pieces yet is because it’s full of photos of loved ones I cannot retrieve because it’s “synched” to a PC that I did stamp to pieces.

I’ve never owned a touch-screen device, and I don’t really want to.

I’m not interested in gestural interfaces or chrome-free environments; I want menus that tell me what the software does and let me click on the thing I want it to do.

Hence my despair at Windows 8, which appears to be doing away with useful stuff in favor of, I dunno, looking nice or something. Microsoft appears to be trying to appeal to (shudder) Apple users.

I felt the same about Google+, which I have yet to join. Apparently it’s quite good, but my initial reaction to its launch earlier this year was “For god’s sake, why?” and “Do we really need more shit to update?”

I fear change…

(tenuous link alert)

…and I feel certain I’m having exactly the same emotional reaction to Windows 8 as many people are having to ICANN’s new gTLD program.

Just as I don’t want to have to think about typing onto a screen (a screen, for crying out loud!) there are millions of people just as pissed right now that they’re being forced to think about new gTLDs.

“But we don’t need them!” they wail. “Everything works just fine as it is!”

Yeah, well that’s how I feel about all the shiny shiny fondlelabs everybody else in the world seems to be currently obsessing over.

I share your pain, Bob Liodice.

But sometimes technology companies come out with new stuff because they think that’s the way to innovate and (of course) make more money.

It’s just the way it is. You’ve got to accept it and move on. If you’re smart, you’ll figure out a way to turn the thing to your advantage.

Everybody currently using Windows 7, Vista or XP will eventually upgrade to Windows 8, even if it’s probably going to be a prettier but less useful version of its predecessors.

If you still buy DVDs, one day you’ll probably be forced to buy a Blu-ray player, just the same as you were forced to upgrade from VHS.

And if you think VeriSign’s mindshare monopoly on the domain name system is the way things should stay forever, new gTLDs are going to make you think again.

Lego overtakes Microsoft in cybersquatting cases

Kevin Murphy, July 22, 2011, Domain Policy

Lego has now filed more complaints against cybersquatters than Microsoft.

The maker of the popular building block toys has filed 236 cases using the Uniform Dispute Resolution Policy since 2006, the vast majority of them since July 2009.

That’s one more than Microsoft, about 50 more than Google and twice as many as Viagra maker Pfizer.

Lego has been particularly aggressive recently. As I’ve previously blogged, Lego lately files a UDRP complaint on average every three days.

The company is usually represented in these cases by Melbourne IT Digital Brand Services, the online trademark enforcement arm of the Aussie registrar.

The 236 cases equate to over $350,000 in WIPO fees alone. I’d be surprised if Lego has spent less than $1 million on UDRP cases over the last few years.

Lego has annual revenue of about $1.8 billion.

It has never lost a case. The company either wins the dispute, or the complaint is terminated before a finding is made.

It’s picked up some oddities along the way, notably including legogiraffepenis.com and legoporn.com.

Yet Lego does not appear to have the most UDRP cases under its belt. I believe that honor may go to AOL, which has filed at least 277 cases over the last decade.

NetSol to alert cops over domain hijacking

Network Solutions intends to “notify the proper authorities” after a high-profile customer had his account hijacked over the weekend.

Stephen Toulouse, head of policy and enforcement for Microsoft’s Xbox LIVE, lost access to stepto.com, including his web site and email, for several hours yesterday, after a disgruntled teenaged gamer persuaded a member of NetSol’s support staff to hand over the account.

In a statement published on its blog, the domain name registrar said it was an “isolated incident directed at a specific customer account”, adding:

We maintain a well developed processes to ensure that Social Engineering attempts or any identified security concerns are immediately alerted to a Supervisor, who will expedite the investigation, usually with the help of the Network Solutions Security team. In this case, the procedure was not followed, and we apologize for any trouble caused to our customer.

Our Security team continues to investigate this matter. Additionally, because we take this matter very seriously, we intend to notify the proper authorities with the evidence that we have gathered, so that they may investigate the person(s) responsible for the fraud.

According to a new YouTube video released by the person claiming responsibility for the attack, “Predator”, he’s 15. He blamed Toulouse for his frequent Xbox LIVE bannings.

While he said he perpetrated the attack to highlight insecurities in Xbox LIVE, he also offered to hijack other gamers’ accounts for up to $250.

Comments posted in response to his first post-attack video claim to reveal his true identity, but of course comments on YouTube are not what you’d call reliable evidence.

The video itself does reveal a fair bit of information, however, so I can’t imagine tracking him down will be too difficult, especially if Microsoft has his parents’ credit card number on file.

His YouTube channel also has videos of him operating a botnet. That’s a whole lot more serious.

Xbox security chief gets domain hijacked

The head of Xbox Live policy and enforcement at Microsoft has had his domain name compromised by a disgruntled gamer using a social engineering attack on Network Solutions.

Stephen Toulouse, who goes by the screen name “Stepto” and has the domain stepto.com, seems to have also lost his email, hosting and, as a result, his Xbox Live account.

He tweeted earlier today: “Sigh. please be warned. Network solutions has apparently transferred control of Stepto.com to an attacker and will not let me recover it.”

Somebody claiming to be the attacker has uploaded a video to YouTube showing him clicking around Toulouse’s Xbox account, whilst breathlessly describing how he “socialed his hosting company”.

It’s a bit embarrassing for Toulouse. He was head of communications for Microsoft Security Response Center for many years, handling comms during worm outbreaks such as Blaster and Slammer.

Now at Xbox Live, he is, as the attacker put it, “the guy who’s supposed to be keeping us safe”.

But it’s probably going to be much more embarrassing for Network Solutions. When the tech press gets on the story tomorrow, difficult questions about NSI’s security procedures will no doubt be asked.

Toulouse has already made a few pointed remarks about the company on his Twitter feed today.

Social engineering attacks against domain name registrars exploit human, rather than technological, vulnerabilities: the attacker calls up tech support and tries to convince the staff that he is the victim.

In this case, hijacking the domain seems to have been a means to control Toulouse’s email account, enabling the attacker to reset his Xbox Live password and take over his “gamer tag”.

The same technique was used to compromise the Chinese portal Baidu.com, that time via Register.com, in late 2009. That resulted in a lawsuit, now settled.

The attacker, calling himself Predator, was apparently annoyed that Toulouse had “console banned” him 35 times, whatever that means.

He seems to have left a fair bit of evidence in his wake, and he appears to be North American, so I expect he’ll be quite easy to track down.

Predator’s video, which shows the immediate aftermath of the attack, is embedded below. It may not be entirely safe for work, due to some casually racist language.

UPDATE (April 5): The video has been removed due to a “violation of YouTube’s policy on depiction of harmful activities”. I snagged a copy before it went, so if anybody is desperate to see it, let me know.

Microsoft spends $7.5 million on IP addresses

Kevin Murphy, March 24, 2011, Domain Tech

It’s official, IP addresses are now more expensive than domain names.

Nortel Networks, the bankrupt networking hardware vendor, has sold 666,624 IPv4 addresses to Microsoft for $7.5 million, according to Delaware bankruptcy court documents (pdf).

That’s $11.25 per address, more than you’d expect to pay for a .com domain name. Remember, there’s no intellectual property or traffic associated with these addresses – they’re just routing numbers.

This, I believe, is the first publicly disclosed sale of an IP address block since ICANN officially announced the depletion of IANA’s free pool of IPv4 blocks last month.

The deal came as part of Nortel’s liquidation under US bankruptcy law, which has been going on since 2009. According to a court filing:

Because of the limited supply of IPv4 addresses, there is currently an opportunity to realize value from marketing the Internet Numbers, which opportunity will diminish over time as IPv6 addresses are more widely adopted.

Nortel contacted 80 companies about the sale a year ago, talked to 14 potential purchasers, and eventually received four bids for the full block and three bids for part of the portfolio.

Microsoft’s bid was the highest.

The Regional Internet Registries, which allocate IP addresses, do not typically view IP as an asset that can be bought and sold. There are processes being developed for assignees to return unused IPv4 to the free pool, for the good of the internet community.

But this kind of “black market” – or “gray market” – for IP addresses has been anticipated for some time. IPv4 is now scarce, there are costs and risks associated with upgrading to IPv6, and the two protocols are expected to co-exist for years or decades to come.

In fact, during ICANN’s press conference announcing the emptying of the IPv4 pool last month, the only question I asked was: “What is the likelihood of an IPv4 black market emerging?”.

In reply, Raul Echeberria, chair of ICANN’s Number Resource Organization, acknowledged the possibility, but played down its importance:

There is of course the possibility of IPv4 addresses being traded outside of the system, but I am very confident it will be a very small amount of IPv4 addresses compared to those transferred within the system. But it is of course a possibility this black market will exist, I’m not sure that it will be an important one. If the internet community moves to IPv6 adoption, the value of the IPv4 addresses will decrease in the future.

I doubt we’ll hear about many of these sales in future, unless they come about due to proceedings such as Nortel’s bankruptcy sale, but I’m also confident they will happen.

The total value of the entire IPv4 address space, if the price Microsoft is willing to pay is a good guide, is approximately $48.3 billion.

Is Microsoft buying Kinect.com?

Kevin Murphy, December 30, 2010, Domain Sales

Did Microsoft just file a UDRP complaint on a typo of a domain name it doesn’t even own?

When Microsoft announced its new Kinect games console earlier this year, it did so without owning the domain kinect.com, as I blogged at the time.

But this week somebody – I’m guessing Microsoft – has filed UDRP on the typo wwwkinect.com, which was registered about the same time as the console launched and is currently parked.

The complainant’s name doesn’t seem to be available yet, but the case was filed the same day as several other Kinect-related UDRP cases that almost certainly are Microsoft’s work, such as microsoftkinect.com.

Kinect.com currently belongs to an advertising agency called CAHG. The domain isn’t resolving (for me) at the moment, which makes me wonder if it’s in the process of changing hands.

It would certainly be unusual for the company to own a typo of somebody else’s domain, although I don’t think there’s anything in the UDRP rules that would prevent it winning the case.

UDRP, after all, only compares contested domains against owned trademarks, not domain portfolios.

While Microsoft would not have a leg to stand on if it filed UDRP against the non-typo domain, I expect a good case could be made that the large majority of people typing “kinect.com” into their browsers are looking for Microsoft’s console.

Alexa is showing that kinect.com has experienced a 350% increase in traffic over the last three months, and has increased its Alexa rank by almost two million places.

UPDATE 2011/01/01: Microsoft now owns the domain.

Lego files a UDRP complaint every three days

Kevin Murphy, November 1, 2010, Domain Policy

Lego, maker of the popular building block toys, is rapidly becoming one of the most UDRP-happy big-brand trademark holders.

The company recently filed its 150th claim, and has so far recovered well over 250 domains that included its trademark.

With over 100 UDRPs filed so far in 2010, that works out to an average of roughly one complaint every three days, and a total spend easily into the hundreds of thousands of dollars.

Its success rate to date is 100%, with no complaints denied.

Its successfully recovered domains include oddities such as legogiraffepenis.com, which appears to be based on this amusing misunderstanding.

If Lego keeps up its current rate of enforcement, it will likely pass Microsoft in the next few months in terms of total cases filed. It’s already filed more than Yahoo and Google.

But it still has a long way to go to catch up with AOL, possibly the most prolific UDRP complainant, which has close to 500 complaints under its belt.

Microsoft wins Kinect domains, but still doesn’t own kinect.com

Kevin Murphy, August 22, 2010, Domain Policy

Microsoft has successfully recovered two domain names that contain its Kinect games trademark, but kinect.com still belongs to another company.

A National Arbitration Forum UDRP panelist handed Microsoft kinectxbox.com and xbox-kinect.com, which were registered on the eve of Kinect’s launch, calling the registrations “opportunistic bad faith”.

The registrant, located in France, said in his defense that he’d planned to create a fan site for the Kinect, which is an upgrade for the Xbox games console.

But he didn’t get a chance – the domains were registered on June 12, Kinect was announced the following day, and Microsoft had slapped him with a UDRP complaint by June 29.

As I reported back in June, kinect.com is currently registered to an ad agency called CAHG. I’d be surprised if Microsoft hasn’t tried to buy the domain already.

Interestingly, Microsoft, which looks like a client of Melbourne IT’s brand management service, does own kinect.co, but it currently redirects to a Bing search.

Russian domain crackdown halves phishing attacks

Kevin Murphy, August 20, 2010, Domain Tech

Phishing attacks from .ru domains dropped by almost half in the second quarter, after tighter registration rules were brought in, according to new research.

Attacks from the Russian ccTLD namespace fell to 528, compared to 1,020 during the first quarter, according to Internet Identity’s latest report.

IID attributed the decline to the newly instituted requirement for all registrants to provide identifying documents or have their domains cancelled, which came into effect on April 1.

The report goes on to say:

Following a similar move by the China Internet Network Information Center in December 2009, spam researchers suggested that this tactic only moves the criminals to a new neighborhood on the Internet, but has no real impact on solving the problem.

I wonder whose ccTLD is going to be next.

The IID report also highlights a DNS redirection attack that took place in June in Israel, which I completely missed at the time.

Apparently, major brands including Microsoft and Coca-Cola started displaying pro-Palestine material on their .co.il web sites, for about nine hours, after hackers broke into their registrar accounts at Communigal.