Please excuse my ignorance about this topic: Would it be possible for the larger DNS community to blacklist and stop serving domains from registrars that are known to be friendly to malware authors? For example, the recent FileZilla malware [1] uses domains hosted by Naunet.ru. The Avast staff say that registrar "ignores requests to suspend illegal domains."
If major DNS providers (ISPs, Google, corporate admins, etc.) apply a blacklist, malicious registrars would be much less valuable, and malware authors would be forced to hardcode IPs instead of hostnames. Is this already being done by anyone? Browsers such as Chrome and Firefox use a blacklist to discourage users from visiting malware sites, so there is at least some precedent.

Of course there are technical, logistical, philosophical and possibly even legal reasons that might make this difficult, but at first take it seems like this might be an effective malware deterrent.

Thanks,
Dan

[1] http://blog.avast.com/2014/01/27/malformed-filezilla-ftp-client-with-login-stealer/
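
An added example, not part of the original message: the registrar of a domain is not visible in DNS answers, so this code assumes the resolver keys its blacklist on the name servers a domain is delegated to, the same idea as the `rpz-nsdname` trigger in DNS Response Policy Zones. All domain names, the delegation table and the function names are constructed for illustration.

```python
# Added example. Every name below is constructed sample data.
BLOCKED_NS_ZONES = {"lax-registrar.example"}   # hypothetical name server operator
BLOCKED_QNAMES = {"login-stealer.example"}     # hypothetical single bad domain

# Stand-in for the NS sets a recursive resolver learns from referrals.
DELEGATIONS = {
    "updates-mirror.example": ["ns1.lax-registrar.example", "ns2.lax-registrar.example"],
    "shop.example": ["ns1.hosting.example", "ns2.hosting.example"],
    "lookalike.example": ["ns1.notlax-registrar.example"],
}

def normalize(name):
    """DNS names compare case-insensitively; drop the root dot."""
    return name.rstrip(".").lower()

def is_at_or_under(name, zone):
    """True if name equals zone or is a subdomain of it (whole labels only)."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def closest_delegation(qname):
    """Walk up the labels of qname to the nearest zone with a known NS set."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in DELEGATIONS:
            return zone, DELEGATIONS[zone]
    return None, []

def decide(qname):
    """Return (action, reason) for a query name under the policy."""
    if any(is_at_or_under(qname, bad) for bad in BLOCKED_QNAMES):
        return ("NXDOMAIN", "qname")
    _zone, ns_set = closest_delegation(qname)
    for ns in ns_set:
        if any(is_at_or_under(ns, bad) for bad in BLOCKED_NS_ZONES):
            return ("NXDOMAIN", "nsdname:" + normalize(ns))
    return ("PASS", None)

if __name__ == "__main__":
    for q in ["WWW.Updates-Mirror.example.", "shop.example",
              "www.lookalike.example", "cdn.login-stealer.example"]:
        print(q, decide(q))
```

The `lookalike.example` entry shows why matching must respect label boundaries: a plain suffix match on `lax-registrar.example` would also block the unrelated `notlax-registrar.example`.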
