Thursday, October 30, 2008

EstDomains is dead ...

EstDomains is a domain registrar operating from Estonia. They've been the largest registrar used by online criminals for their domain name registration needs. ICANN has pulled the plug on EstDomains, and is removing EstDomains from the list of ICANN-accredited registrars. Most of us first ran into EstDomains in 2005, when investigating the infamous WMF vulnerability. Initially the main site distributing malicious WMF files,, was registered via this new Estonian registrar.
Since then, tens of thousands of malicious domains have been registered with EstDomains. These include drive-by-download sites, botnet command-and-control servers, spammed domains and so on.

So this is really good news, but it took a long time for ICANN to do this.
Nevertheless ... thank you ICANN.
You can read more on the blogs from F-Secure and McAfee.