Over 2 Million Users Installed An Infected Computer Utility

Weekly Axis Of Easy #18

In this issue:

• Avast’s free CCleaner infected with malware
• Spanish Government seizes control of .CAT TLD Registry
• IoT Botnet re-geared to send spam
• Man who held company domain & website hostage goes to prison

Some easyDNS news this week:

• easyDNS now supports CAA type DNS records
• Notes from my talk to the Ethereum Name Service (ENS) Working Group

Avast’s free CCleaner infected with malware

Piriform, the parent company to Avast and their free computer cleanup utility “CCleaner” revealed in a blog post that 2.27 million users had installed the 32-bit Windows version of the program which was infected with malware.

Security researchers subsequently discovered that another piece of malware also piggy-backed on the root infection, crafted to specifically target “high value targets” within the tech industry (names like Cisco, Intel, Microsoft, & Google among others).

Read: https://techcrunch.com/2017/09/18/avast-reckons-ccleaner-malware-infected-2-27m-users/

Spanish Government seizes control of .CAT TLD Registry

On October 1st, the citizenry of Catalonia (an autonomous region of the Spanish mainland near Mallorca containing the absolutely splendid city of Barcelona) will vote in a referendum on independence from Spain. The Spanish government is not amused and has been clamping down hard on pro-separatist factions, including raiding and seizing the headquarters for the .CAT Top Level Domain Registry in order to quash pro-independence websites.

The Registry operator PuntCAT sent this letter to ICANN to protest the Spanish government’s use of force to quell online speech.

IoT Botnet re-geared to send spam

When people think “Internet of Things Botnets”, they usually think “DDoS Attacks” such as the Mirai Botnet and its absolutely devastating attack on DNS provider Dynect nearly 1 year ago. (Remember folks, if you absolutely, positively must have 100% DNS availability, all the time, you need to use multiple DNS systems.)

IoT Botnets are evolving. In recent months they have retooled themselves by installing SOCKS5 proxies in the devices they infect and using them to relay spam. All of this is made possible by vendors shipping internet-connected devices with crappy default configs (world accessible) and even crappier default admin logins (“admin/admin”).


Man who held company domain & website hostage narrowly avoids prison

We have been warning for years, this is a near-mantra here: “Always register your business domains in the name of the business!”. Not your consultant, not your employee, not your ISP.

An IT company in Phoenix, Arizona found out the hard way when their consultant registered their domain using his own name, and years later, when they asked him for access to the domain so that they could make changes – he demanded to be paid $10,000. He also redirected their corporate website to a gay pornography site to ratchet up the pressure.

After a plea deal with the DoJ, the perpetrator has earned himself a 4-year federal probation after prosecutors deemed his actions “a one time lapse in judgement”.

Some easyDNS news this week:

easyDNS now supports CAA type DNS records

The CA/Browser Forum voted earlier this year to make CAA DNS checks mandatory, starting this month. This is facilitated using the new DNS RR Type: “CAA”, which is now available within your control panel.

Notes from my talk to the Ethereum Name Service (ENS) Working Group

In August I was invited to participate in the first Ethereum Name Service (ENS) workshop in London, UK. ENS is a naming system built atop the Ethereum blockchain under their .ETH top level domain.

I gave a short talk on layering DNS atop the blockchain and it’s now available on our blog, along with my overview of the ENS situation.

The new newsletter I’ve been planning will be called “Guerrilla Capitalism”. It will home in on disruptive technologies such as blockchain and how your business can utilize them to better compete with the 800 lb Gorilla in your space. Get on the list here.
