Top-Level Domain .US Harbors Prolific Malicious Link Shortening Service
Researchers at Infoblox have discovered thousands of newly registered domains in the .US top-level domain that are tied to a malicious link shortening service used in phishing and malware scams. These domains, typically three to seven characters long, are hosted on bulletproof hosting providers that ignore abuse or legal complaints. The short domains obfuscate the real address of landing pages that attempt to phish users or install malware. The researchers suspect that the phishing and malware landing pages are promoted through scams targeting people on their phones via SMS.

The .US domain has been identified as one of the most prevalent in phishing attacks. The National Telecommunications and Information Administration (NTIA) oversees the .US domain, but it is managed by private companies that have allowed it to become a hub of phishing activity. Researchers also found that many malicious link shortener domains in .US have subverted transparency requirements and converted to private registrations. Industry groups have opposed a proposal by NTIA to redact all registrant data from .US domain records, arguing that the redaction would remove accountability for cybercrime activity.