- Joined
- Apr 9, 2009
- Messages
- 3,070
- Points
- 0
THE next time you click on an unfamiliar website ending with .sg, think twice.
Spam masters are zeroing in on the .sg domain. Singapore was singled out as the 10th-riskiest domain out of 104 worldwide in a recently released McAfee report - and the rise of such sites, said experts, could cause Internet users worldwide to lose trust in Singapore websites.
The report warned that more .sg domains are being used for phishing and spam activities and to serve up viruses - almost one out of every 20 (4.6 per cent) tested by the security company this year.
The jump is spectacular - from just 0.3 per cent last year to 4.6 per cent this year.
In contrast, Hong Kong and Japan were noted for their "aggressive steps to clamp down on scam-related registrations" and stricter registration requirements for domain names.
McAfee senior research analyst Shane Keats noted that pharmacy sites touting pills were the main route used to send spam.
Some examples of such sites, no longer active, include www.overthenetdrugs.sg and www.overnightpharmonline.sg Singapore's position in the world as a financial centre also makes it vulnerable.
Mr Keats said: "Later this year, we saw a shift towards a lot of .sg phishing sites that mimic real financial websites and try to trick people into entering sensitive information, like bank-account numbers.
"We have (also) recently seen .sg sites serve up the Koobface virus that has affected many social networks."
On the potential implications for Singapore, computerscience academic Liang Zhenkai of the National University of Singapore said: "The rapid increase in the number of risky .sg sites may cause users to have less trust in Singapore sites.
"However, although users may avoid random Singapore sites, commercial and other reputable sites should not be greatly affected."
Scammers and hackers exploit domain registrars and sellers who allow clients to register names with no questions asked, in bulk or with a "pay later" approach, said Mr Paul Ducklin, head of technology at IT security firm Sophos (Asia-Pacific).
However, he added that his company has not seen a rise in such malicious Singapore websites. Possible measures for cracking down on such cybercriminals include getting domain registrars or the registration authorities to verify the identities of the people who create malicious sites, said Associate Professor Liang.
However, this is more easily said than done, said industry players here, as the people behind these websites do not always reside in Singapore.
The national registry of domain names, the Singapore Network Information Centre (SGNIC), sells domains wholesale to SGNIC-accredited domain registrars such as IP Mirror and WebVisions, some of whom in turn sell them to domain resellers.
The Infocomm Development Authority of Singapore, which owns SGNIC, was unable to reply by press time when contacted for comment.
Industry players say documentary proof is required to register commercial, organisational or government-related domains.
However, they explained that an applicant needs only an Internet connection, valid credit- card information, a name and an e-mail address to register a .sg address (for example, www.abc.sg).
Some or all of these required information could easily be false.
This makes it difficult to track down or verify the identities of individuals, especially if they are based overseas.
While software, identity and credit-card checks are in place to alert domain registrars to malicious sites and shut them down, the few days the sites are in operation can be enough for cybercriminals to collect information from vulnerable users, said Ms Janna Lam, chief executive of IP Mirror.
Mr Derek Wong, an interactive- business manager at Domain reseller IT Works, said: "While we have anti-virus and spam-filters in place, we can?t prevent spam totally as filters that are too strict will block off legitimate e-mail messages."
It takes only $40 to $200 a year to register and host a Singapore domain, said industry players.
Over 100,000 new domains are registered in Singapore each month, according to online SGNIC statistics last updated in May.
Spam masters are zeroing in on the .sg domain. Singapore was singled out as the 10th-riskiest domain out of 104 worldwide in a recently released McAfee report - and the rise of such sites, said experts, could cause Internet users worldwide to lose trust in Singapore websites.
The report warned that more .sg domains are being used for phishing and spam activities and to serve up viruses - almost one out of every 20 (4.6 per cent) tested by the security company this year.
The jump is spectacular - from just 0.3 per cent last year to 4.6 per cent this year.
In contrast, Hong Kong and Japan were noted for their "aggressive steps to clamp down on scam-related registrations" and stricter registration requirements for domain names.
McAfee senior research analyst Shane Keats noted that pharmacy sites touting pills were the main route used to send spam.
Some examples of such sites, no longer active, include www.overthenetdrugs.sg and www.overnightpharmonline.sg Singapore's position in the world as a financial centre also makes it vulnerable.
Mr Keats said: "Later this year, we saw a shift towards a lot of .sg phishing sites that mimic real financial websites and try to trick people into entering sensitive information, like bank-account numbers.
"We have (also) recently seen .sg sites serve up the Koobface virus that has affected many social networks."
On the potential implications for Singapore, computerscience academic Liang Zhenkai of the National University of Singapore said: "The rapid increase in the number of risky .sg sites may cause users to have less trust in Singapore sites.
"However, although users may avoid random Singapore sites, commercial and other reputable sites should not be greatly affected."
Scammers and hackers exploit domain registrars and sellers who allow clients to register names with no questions asked, in bulk or with a "pay later" approach, said Mr Paul Ducklin, head of technology at IT security firm Sophos (Asia-Pacific).
However, he added that his company has not seen a rise in such malicious Singapore websites. Possible measures for cracking down on such cybercriminals include getting domain registrars or the registration authorities to verify the identities of the people who create malicious sites, said Associate Professor Liang.
However, this is more easily said than done, said industry players here, as the people behind these websites do not always reside in Singapore.
The national registry of domain names, the Singapore Network Information Centre (SGNIC), sells domains wholesale to SGNIC-accredited domain registrars such as IP Mirror and WebVisions, some of whom in turn sell them to domain resellers.
The Infocomm Development Authority of Singapore, which owns SGNIC, was unable to reply by press time when contacted for comment.
Industry players say documentary proof is required to register commercial, organisational or government-related domains.
However, they explained that an applicant needs only an Internet connection, valid credit- card information, a name and an e-mail address to register a .sg address (for example, www.abc.sg).
Some or all of these required information could easily be false.
This makes it difficult to track down or verify the identities of individuals, especially if they are based overseas.
While software, identity and credit-card checks are in place to alert domain registrars to malicious sites and shut them down, the few days the sites are in operation can be enough for cybercriminals to collect information from vulnerable users, said Ms Janna Lam, chief executive of IP Mirror.
Mr Derek Wong, an interactive- business manager at Domain reseller IT Works, said: "While we have anti-virus and spam-filters in place, we can?t prevent spam totally as filters that are too strict will block off legitimate e-mail messages."
It takes only $40 to $200 a year to register and host a Singapore domain, said industry players.
Over 100,000 new domains are registered in Singapore each month, according to online SGNIC statistics last updated in May.
