Hackers have registed many malicious sites on EstDomains
EstDomains Inc was known to be in the top 50 largest domain registrars from a report on RegistarStats.com. Many security researchers have identified that EstDomains was the registrar for many malicious websites that may have promoted, distributed and sold malicious files and programs to computer users over the internet.
We have tracked many malicious websites in the past and have compiled a long list of them on our Malicious Website List. If you look closely at many of the sites that were deemed malicious, you will notice that they have EstDomains Inc listed as the registrar. This may tell you something about the management of such a registrar to allow this to happen. Is it that they are on business together?
The actual reasons for EstDomains being terminated are listed on the icann.org website. Below is a short description of the reasons for the termination of EstDomains to take place effective November 24, 2008.
The termination of ICANN-accredited registrar EstDomains is to go ahead, effective 24 November 2008.
On 28 October 2008, ICANN sent a notice of termination to EstDomains, Inc. (EstDomains) based on an Estonian Court record reflecting the conviction of EstDomains’ then president, Vladimir Tsastsin, of credit card fraud, money laundering and document forgery.
Pursuant to Section 5.3 of the Registrar Accreditation Agreement (RAA), ICANN may terminate the RAA before its expiration when, “Any officer or director of [a] Registrar is convicted of a felony or of a misdemeanor related to financial activities, or is adjudged by a court to have committed fraud or breach of fiduciary duty, or is the subject of judicial determination that ICANN deems as the substantive equivalent of any of these; provided such officer or director is not removed in such circumstances.”
ICANN received a response from EstDomains on 29 October in which it indicated that the Estonian Court record on which ICANN relied was not final and had been appealed. ICANN pended the termination of EstDomains’ RAA to analyze the claims made by EstDomains and to obtain independent information regarding the status of the alleged appeal.
On 7 November 2008, EstDomains was informed that, based on ICANN’s findings, ICANN was proceeding with the termination of EstDomains’ RAA, effective 24 November 2008.
ICANN’s records indicate that EstDomains manages approximately 281,000 domain names. To protect the interests of registrants, on 28 October 2008, ICANN published a Request for Informations seeking expressions of interest from registrars to receive a bulk transfer of the domain names managed by de-accredited registrar EstDomains.
ICANN is analyzing the responses to that request and will take measures to effectuate a smooth transition of the domain names managed by EstDomains to a qualified ICANN- accredited registrar.
As you can see, the proceedings for the termination are already put in motion starting with a notice. Not a big surprise to find out about the president of EstDomains, Inc.’s malicious activities such as those may lead to this type of destruction.
Did you ever suspect companies harboring malicious sites? Do you think this is a big step in the right direction to eliminate malicious sites and expose others that may be part of the scam that many of these sites carry out?