Posted by Virus Bulletin on Feb 24, 2010
Stricter rules on registering .cn domains lead to increase in malicious .ru domains.
A change in the rules of the organization responsible for registering .cn domains has resulted in a drop in the number of spam messages referencing Chinese top-level domains, with Russian domains moving in to fill the gap.
Until recently, a large proportion of the URLs found in spam messages contained a Chinese .cn top-level domain; these domains were both cheap and very easy to register, making them ideal for spammers.
However, in December the China Internet Network Information Center (CNNIC) - the organization responsible for handing out .cn domains - changed its rules. It is now no longer possible to register a .cn domain unless one has a bona fide business license. Meanwhile, the CNNIC has also announced that it intends to verify previously registered .cn domains.
As soon as the new rules came into effect, the relative occurrence of .cn domains in spam messages dropped significantly. Now, new research by Symantec has shown that .cn domains have almost completely disappeared from spam messages. Instead, spammers appear to be turning to Russian .ru domains to advertise their wares - on some days 40% of spam messages contain such a domain.
While the CNNIC's new regulations seem to have done little harm to spammers, the changes are good news for the reputation of .cn domains and for the large number of legitimate users using such domains: they are now less likely to see their emails and websites blocked by over-zealous filters. For the large number of genuine businesses and end-users using .ru domains, one can only hope that similar, stricter regulations will be brought in soon.