Phishing have been a major security concern to the Internet community, particularly to registries and registrars. Phishing domains are NOT useful at all and harmful to business and trust for any Top-Level Domains. This week some registrars themselves were fighting against phishing attacks (link). Yesterday, Network Solutions (NSI), one of the largest domain registrars in the industry, reported that they were also encountering phishing attacks and some were originated from a few .asia domains. Below is a screen-shot of the phishing site (click to enlarge)
The phishing domains reported by NSI were com21.asia, com42.asia, and com55.asia. According to the WHOIS record, the names are registered by someone in Russia and the registrar is from China. Obviously the phisher would like to get registrant ID and Pwd in order to access DNS record setting or even can issue domain transfer-away request as a genuine user. Upon receiving alert from NSI, DotAsia immediately issued an emergency security notice to the registrant and the registrar meanwhile suspended (domain was put on "hold" status) the domains from any access. By responding quickly at the registry level, the damage hopefully can be stopped somehow.
The phisher played smart too. According to an industry expert:
The other ongoing concern is that if the phisher moved the site around to another IPs or domains, in the industry term called Fast flux Hosting, it's then even harder for just one entity to respond to it. Therefore cross-registry and cross-ISP mechanism at the global level like APWG are definitely useful.
As a user you may want to make sure your registrar offers a "domain lock" feature, meaning besides regular ID and PWD for the account, another set of access code is required in order to make change on DNS record or domain transfer request.
This, being a personal web site, and the comments herein, shall be construed to reflect only those views held by the author (Ching Chiao) and not by the author's employer or any other associated organizations.