SECURITY EXPERTS have criticised Google’s decision to ban all .co.cc domains from search results, claiming that it’s both inefficient in preventing abuse and unsustainable in the long run.
Google took the unprecedented step of deindexing the entire .co.cc second-level domain (SLD) at the beginning of this month because of the high number of malicious web sites registered under that namespace.
The internet search giant hinted that something like this might happen in an earlier blog post about abusive bulk subdomain services, in which it said that “in some severe cases our systems may now flag the whole bulk domain”.
The .co.cc registry is run by a Korean company and contains over 11.3 million domain names. The service allows bulk registrations of up to 15,000 domain names. Its low price and flexibility have made .co.cc domains a favorite for cyber-criminals, especially those running fake antivirus schemes.
However, it isn’t the only SLD available to scammers. According to security researchers from Trend Micro, while .co.cc is responsible for the highest number of malicious URLs, co.tv, wo.tc, dlinkdns.com, cz.cc and other similar services also rank high in the statistics.
Trend Micro experts see several flaws in Google’s approach to this problem. First of all, any of the aforementioned SLDs can take .co.cc’s place if the cyber crooks are no longer satisfied with the service.
This will lead to more bans, each of them hurting non-abusive domain owners as well. In fact, legitimate .co.cc web sites are probably the ones most affected by the current ban, because the criminals usually keep their own .co.cc domains out of search results anyway.
“If we chart the typical infection chain for the majority of blackhat SEO attacks nowadays, you will notice that the malicious SLDs are more often used for the second, third, up to the fourth jumps or redirections.
“The doorway pages – those that are actually indexed by search engines – very rarely use *.co.cc. So, blocking these makes no sense,” argues Martin Roesler, Trend Micro’s director of threat research.
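Roesler’s point is easier to see on a concrete redirect chain. The following Python snippet is an added illustration, not code from the article, Google or Trend Micro: it takes a constructed four-hop infection chain, whose host names are all made up, and compares a policy that only inspects the indexed doorway page with one that inspects every hop. The bulk-SLD list is taken from the services named in the article and is illustrative, not a complete or current blocklist.

```python
"""Why deindexing doorway pages misses the abusive bulk SLD.

Added example, not from the article. All host names below are constructed.
"""
from urllib.parse import urlsplit

# Bulk-subdomain services named in the article (illustrative list only).
BULK_SLDS = {"co.cc", "co.tv", "wo.tc", "dlinkdns.com", "cz.cc"}

# Constructed infection chain: the doorway page that a search engine indexes
# redirects through several hops before the bulk-SLD host appears.
SAMPLE_CHAIN = [
    "http://recipes-blog.example/index.php?q=free-antivirus",  # hop 0: doorway page (indexed)
    "http://cdn-tracker.example/go?id=17",                     # hop 1: traffic distribution
    "http://scan-now.wxyz.co.cc/landing.html",                 # hop 2: host under a bulk SLD
    "http://payment.example/buy",                              # hop 3: fake AV sales page
]


def host_of(url: str) -> str:
    """Host name of a URL, lower-cased, or '' if it has none."""
    return urlsplit(url).hostname or ""


def bulk_sld_of(host: str, slds=BULK_SLDS):
    """Return the bulk SLD a host is registered under, or None.

    Every proper suffix of the host name is tried, longest first, so
    'scan-now.wxyz.co.cc' matches 'co.cc' and 'x.dlinkdns.com' matches
    'dlinkdns.com'. The SLD itself (e.g. 'co.cc') is not a customer domain
    and is therefore not flagged.
    """
    labels = host.lower().split(".")
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in slds:
            return suffix
    return None


def flagged_hops(chain, slds=BULK_SLDS):
    """Indices of the hops whose host sits under a bulk SLD."""
    return [i for i, url in enumerate(chain) if bulk_sld_of(host_of(url), slds)]


def doorway_only_verdict(chain, slds=BULK_SLDS) -> bool:
    """Policy that looks only at the indexed doorway page (hop 0)."""
    return bulk_sld_of(host_of(chain[0]), slds) is not None


def whole_chain_verdict(chain, slds=BULK_SLDS) -> bool:
    """Policy that follows the chain and looks at every hop."""
    return bool(flagged_hops(chain, slds))


if __name__ == "__main__":
    for i, url in enumerate(SAMPLE_CHAIN):
        print(f"hop {i}: {host_of(url):28s} bulk SLD: {bulk_sld_of(host_of(url))}")
    print("doorway-only policy flags chain:", doorway_only_verdict(SAMPLE_CHAIN))
    print("whole-chain policy flags chain: ", whole_chain_verdict(SAMPLE_CHAIN))
```

On the sample chain the doorway-only policy returns False, because hop 0 is an ordinary compromised site, while the whole-chain policy flags hop 2. The same function also shows the second objection in the article: once a chain moves to a service that is not in the set, neither policy sees it until the list is extended, which is the cat-and-mouse game the Trend Micro researchers describe.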
And Google’s approach will be even more problematic in the future. Beginning in 2012, ICANN will expand the domain name system by allowing the registration of arbitrary top-level domains (TLDs). This will significantly increase the number of options for cyber-criminals and will make ban enforcement much harder.
Security experts think that the best way to tackle this is for Google to work with TLD registry operators to put pressure on SLD owners to keep their houses clean. For example, the .cc registry operator has the power to suspend all .co.cc web sites and prevent them from working. Such a measure would hurt cyber-criminals a lot more than Google’s ban and would put pressure on bulk registrars to clean up their acts.