Security researchers have spotted an individual who registered 135 domains to host and push out tech support scams.
According to MalwareHunterTeam, the individual’s name and address are tied to 135 tech support scam domains, including 120 that are hosted on Internet domain registrar GoDaddy.
This isn’t the first time crooks have abused GoDaddy accounts for malicious purposes. For instance, back in May, a rogue advertiser hijacked poorly protected GoDaddy accounts, which they in turn incorporated into a malvertising attack that targeted two TV stations affiliated with the American CBS TV network.
Most of the domains registered in the individual’s name host tech support scams, which may or may not lock a user’s computer screen or impersonate their ISP. Some host scareware, while others appear to currently be offline.
Then again, it’s no surprise something mischievous would originate from system-blocked-due-to-malacious-activity-error101c11cmd[dot]info or security-essential-update-failed-call-support[dot]info.
Scam hosted by GoScammers: security-essential-update-failed-call-support[.]info
Registrant is a hardcore scammers… pic.twitter.com/KHSA6nmZEk
— MalwareHunterTeam (@malwrhunterteam) June 30, 2016
What is a surprise to MalwareHunterTeam is the fact that there’s no deny-list to prevent known bad actors from registering scam domains. As the researcher told Softpedia:
“This is a big business. And no one on Earth does anything against them. The main problem is that this man could register 100+ scam domains (the domain names are telling that they are scam) starting from the first days of April, without any problem. It’s simply crazy… And it’s just one man.”
MalwareHunterTeam also claims they sent a full text file of the scam domains to GoDaddy but that the registrar has done nothing.
Catalin Cimpanu of Softpedia attributes this lack of action to an overabundance of reports flooding GoDaddy’s abuse department:
“Nobody’s saying that GoDaddy is protecting such activities, but its abuse department is completely overwhelmed at the moment. To be fair, there are plenty of other Web hosting firms that don’t even run an abuse department, and the only way to reach them is through the national CERT teams. But there are also awesome hosting firms that kill these sites in three or seven minutes, only after a tweet and without having to fill in countless forms.”
In the absence of meaningful action from GoDaddy and other domain registrars, users are urged to not fall for a tech support scam. No one from a legitimate technology company will ever contact you out of the blue and warn you about suspicious programs on your computer, so be sure to not give those people any personal or financial information.
If you feel you have a tech support issue, make sure to contact the appropriate company directly using its published contact details.