Showing posts with label From the Bunker. Show all posts

Tuesday, September 9, 2008

EstDomains: A Sordid History and a Storied CEO


In this second part to an ongoing investigation into the notorious Web site host and domain name registrar EstDomains Inc., Security Fix examines the company's history, the legacy of its current chief executive, and its future prospects.

The "Est" in EstDomains is a nod to the company's origins: It was founded in Tartu, the second largest city in Estonia (although the corporation is officially registered in Delaware). The chief executive of EstDomains is 27-year-old Vladimir Tsastsin, pictured below.

Tsastsin also is named as the head of Rove Digital, a company that appears to encompass a domain auction service named Bakler.com, and a recently launched Web traffic-shaping service called Zmot.

Brian Krebs on Computer Security. The Washington Post Company.

A Superlative Scam and Spam Site Registrar

Over the past week, a number of the Internet's largest data carriers have ceased providing online connectivity to Atrivo (a.k.a. "Intercage"), an ISP that security experts say is home to a huge number of scammers and spammers. This week, I'm turning the spotlight on EstDomains Inc., Atrivo's most important customer and the single biggest reason so many experts have condemned Atrivo.

According to RegistrarStats.com, EstDomains is the 49th largest domain name registrar, with more than 270,000 domains. Security Fix is still working on cataloging all of those domains, but for the purposes of this analysis we'll examine some 10,000 Web site names that are both registered through EstDomains and using the company's various domain name servers to route traffic to them.

I chose to focus on that particular subset of 10,000 domains mainly so that EstDomains could not simply disavow knowledge of the sites' activities by claiming it serves as nothing more than a registrar for those domains.


Turns out, at least one-third of those domains (.CSV) are currently blacklisted by SURBL.org, which tracks Web site names that are advertised in junk e-mail.

Have a look at the complete list of those 10,000 names -- which I've made available at this link here (.CSV file) -- and it should quickly become evident why so many are blacklisted.



Tuesday, August 21, 2007

Beware of Five-Star Vaporware

U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else's software received the same "5-star" rating and high praise from various software directories and download sites.

Curious about just how thorough the sites are at reviewing software, Brice submitted a fake program that did absolutely nothing. The place he sent the program to was a clearinghouse that distributes shareware and trialware to hundreds of other sites.

Brice even included a descriptor file stating that he was submitting a useless program, which he tauntingly named "awardmestars." To his amazement, the do-nothing program came away with top honors -- complete with official-looking seals of approval -- from at least 16 download sites.

"I should be delighted at this recognition of the quality of my software, except that the 'software' doesn't even run," Brice wrote of the experiment on his blog. "This is hardly surprising when you consider that it is just a text file with the words 'this program does nothing at all' repeated a few times and then renamed as an .exe."

Of the nearly 1,000 download sites that received a copy of "awardmestars," 218 now offer the file for download. Brice said the junk file is awaiting review at nearly 400 other sites. The good news is that some 421 download sites did see the program for what it was worth and rejected it outright.

"The truth is that many download sites are just electronic dung heaps, using fake awards, dubious [search engine optimization] and content misappropriated ... in a pathetic attempt to make a few dollars from Google Adwords," Brice said. "Hopefully these bottom-feeders will be put out of business by the continually improving search engines, leaving only the better sites."

This story got picked up late last week by news-for-nerds megasite Slashdot.org, and the discussion has some interesting perspectives from other programmers and their experiences with software awards.

While there may indeed be hundreds of legitimate download sites that don't try to pull one over on visitors, I've never strayed far beyond a handful of sites that I have come to know fairly well, such as CNet's Download.com, SourceForge.net, and Tucows.com.
