back to article 'Domain shadowing' hijacks registrar accounts to spawn attack sites

Fiends behind the world's most infamous exploit kit Angler are stealing login credentials to create tens of thousands of pop-up domains used in hit-and-run -style attacks. The new attacks are dubbed 'Domain Shadowing' and represent the latest evolution of online crime in which scores of web sites are set up to compromise …

  1. Anonymous Coward
    Anonymous Coward

    They aren't targetting the registrar

    They're targeting its customers who, in my experience, think a five-letter word followed by a number is a good password.

  2. Stuart 22

    Sorry to be so thick ...

    But is this about DNS hijacking rather than Registrar hijacking (though of course some people do use the Registrar's own DNS). And is it just normal credential compromise that is concentrating on logins from a small number of registrars so they can play about with the DNS there?

    The point of these articles is surely to alert us as to new threats. Can you please remember that some of us have had our sharpness blunted by many years of SysAdmining and need things spelt out a little simpler. Anyone?

    1. Irongut Silver badge

      Re: Sorry to be so thick ...

      At least it mostly makes sense. I made the mistake of reading a supposedly technical article on Ars yesterday about hacking BlueRay disks. It was a confused and contradictory mess of ignorance and FUD that made no sense whatsoever. They actually claim that viruses spread by USB before they did by CD/DVD!

  3. Missing Semicolon
    Unhappy

    Well that explains why my GoDaddy account is locked out!

    Urk!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020