Issue No. 02 - February (2006 vol. 39)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2006.67
False Domain-Name Database Information Plagues Internet
Efforts to correct inaccuracies in the whois database—which holds contact information for individuals and organizations worldwide that register domain names—have not been effective, according to a US government investigation.
The US Government Accountability Office's study indicates this could pose a problem for Internet security. The GAO report said law-enforcement agencies use whois contact data to help identify the source of spam and to investigate intellectual-property misuse, online fraud, and other criminal activities.
The GAO report estimates that, based on an analysis of 900 randomly selected domain names, about 5 percent of the 44.93 million .com, .net, and .org entries—approximately 2.3 million—have obviously inaccurate contact data. This includes entries with e-mail address, phone number, name, and mailing-address fields that are filled with gibberish.
The GAO also said about 3.7 percent of the three types of domain names—a total of about 1.6 million—have incomplete contact data, which may make it difficult to contact owners about problems.
However, noted Linda Koontz, the GAO's director for information management issues, the agency didn't assess how easy it is to contact Web site proprietors based on whois data.
The agency also did not try to determine why users entered whois data incorrectly or whether it was done deliberately. Moreover, the GAO did not look for correlations between whois inaccuracies and specific security issues, according to Koontz. And, she noted, there are many Internet security issues unrelated to whois inaccuracies.
The Internet Corporation for Assigned Names and Numbers—a nonprofit agency responsible for Internet Protocol address allocation, root-server system management, and related tasks—tracks complaints of false whois information and sends them to the applicable domain-name registrars to investigate.
Most users register and pay for domain names via a Web-based form, on which they are supposed to enter contact information. Domain-name registrars, accredited by ICANN, are responsible for obtaining whois entries; making them publicly available; investigating and correcting contact information in response to reported inaccuracies, including contacting the owners; and suspending or canceling noncompliant accounts.
ICANN's last annual report showed that there were 31,533 complaints regarding 16,941 domain names (with multiple complaints for some accounts) and that about 63 percent of the accounts were corrected, suspended, or inactivated. The GAO submitted 45 error reports to ICANN, but, Koontz said, 33 were not corrected within 30 days.
ICANN conducts regular compliance reviews of domain-name registrations and is improving whois data's accuracy, such as by instituting an improved compliance program, noted Tanzanica S. King, the agency's communications and operations specialist.
New Worm Chats Up Its Victims
Hackers have written what is apparently the first instant messaging (IM)-based worm that "chats" with potential victims. The chatting is designed to convince users that the message is legitimate and that they should click on a hyperlink to a Web site that activates a malicious payload.
According to IMlogic, an enterprise-IM-software vendor, the worm—which the company named IM.Myspace04.AIM—affects users of America Online's Instant Messenger (AIM) and initially appears to be a message from a person trying to chat.
This worm arrives in a message that looks as if it was from someone on the recipient's buddy list who is using the MySpace social-networking site. The message includes a link, supposedly to a photo, that, if clicked on, directs the recipient to a Web page that hosts the malware as the clarissa.pif program information file, explained Art Gilliland, IMlogic's vice president of products. The site automatically asks recipients if they want to run, save, or cancel the file.
Users who run the file install the malware on their computers. Otherwise, the worm won't spread, noted David Perry, director of global education for security vendor TrendMicro.
If users first respond to the initial message, perhaps asking about the nature of the link, the worm automatically replies in Internet slang, "lol no its not its a virus" or "lol thats cool." The apparent live response is designed to encourage recipients to click on the link to the malicious file, said Gilliland.
The malware sends itself to contacts on the victim's buddy list. Because the worm operates in the background, the victim doesn't notice the worm sending out infected messages to others. "It can run for a long time before being noticed, if it ever is," explained Tim Johnson, IMlogic's director of threat-center operations.
The application, he noted, also creates executables that can download files and make changes to the host system's registry. One change launches the worm every time victims start their computers, enabling the malware to spread further. Another blocks the Internet connections that antivirus software uses to obtain updated virus signatures. The software then continues working but without the updates that could detect current and revised versions of the worm.
Future IM.Myspace04.AIM versions could install a backdoor to let hackers send commands to victims, according to Gilliland. And variations already capture user keystrokes, including those for sensitive information such as passwords and bank-account numbers, said Johnson.
AOL did not respond to numerous requests for comments about the worm.
Will We Access the Internet via Gas Pipes?
A US company is working on technology that would deliver broadband Internet and other data services through natural-gas pipes, even when fuel is passing through them. If successful, the currently untried technology would inexpensively provide the additional bandwidth required to deliver new video applications such as high-definition TV (HDTV).
Nethercomm is working on broadband-in-gas (BiG) technology that would handle data at speeds between 100 Mbits and 1 Gbit per second, depending on the deployment, said Nethercomm founder and CEO Patrick Nunally. The system would work via radio-based ultrawideband (UWB) wireless transceivers mounted on the outside of gas pipes at customers' service meters, as well as directional antennas installed inside.
Each transceiver can transmit signals up to 1,000 meters, via the antenna, to the next transceiver. This propagates signals between nodes.
UWB transmits large amounts of data in short, energy-efficient electrical pulses over a wide frequency spectrum.
Nunally said BiG would offer a less expensive, higher-capacity alternative to cable-based broadband, which will become more expensive as cable systems become fully digital.
And DSL can't support multiple high-capacity applications, such as HDTV, said Kirsten West, principal analyst at West Technology Research Solutions, a market analysis firm.
BiG could help independent network-service providers, whose ability to use existing cable or phone infrastructures was hurt by recent US federal court and administrative decisions.
Also, in most cases, BiG could be less expensive to deliver than DSL, cable, and optical-fiber services, particularly where infrastructures must be installed, noted a recent West Technology study. This is because a gas-pipeline infrastructure is already in place, explained West.
Natural gas serves about 70 percent of households and 35 percent of businesses in the US, according to West Technology senior analyst George West.
Although BiG is an unusual approach to broadband, it has some industry credibility because Nethercomm's Nunally is the former chief technology officer for Patriot Scientific and the former president and CEO of Intertech. He holds about 135 patents worldwide and has received many awards.
Nonetheless, BiG faces challenges. It's unclear exactly how well UWB would function inside a gas pipe, many buildings don't use gas service, and utilities may be reluctant to work with the technology.
The company, which eventually hopes to license its technology to service providers, plans to launch a pilot program this summer in Arizona and Illinois.
West Technology predicts that 3.9 million households will subscribe to BiG services by 2008, and 18.6 million by 2010, based on the business relationships Nethercomm is developing and the demand for new broadband services.
News Briefs written by Linda Dailey Paulson, a freelance technology writer based in Ventura, California. Contact her at firstname.lastname@example.org.