Hi Swinogers

It's not an actual case that we are involved in, nor did it happen in
Switzerland, but I'm in contact with a registrar and hoster that is
probably in this situation.

A customer registered a domain and booked a web and email service. The
bookings were made in the name of an apparently newly created company.
Everything looked legit; the domain owner wanted his privacy protected
by a whois proxy provider.

That company sent emails to various recipients, that led those
recipients to their website to download some documents.

Those documents were infected with the Locky ransomware. It's clear
that this is not a hacked site, but a site built purposefully to
distribute that malware and make it look legitimate.

The hoster reacted quickly to complaints, took the site offline and
removed the DNS entries to prevent further damage.

But what can the hoster/registrar do next? Can he contact his
government's CERT team or the authorities and hand over to them the
customer data, IP addresses used to upload the site etc. to try to get
hold of the gang behind that fraud as quickly as possible? Or would that
break the privacy laws, so that they have to wait for a subpoena, which
could take several weeks and give the gang enough time to clear all

-Benoît Panizzon-
I m p r o W a r e   A G    -    Leiter Commerce Kunden

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch

swinog mailing list