February Domain Pricing changes

Changes in domain pricing amongst the largest providers over the past month have been fairly minor. 1&1 Internet now charges $5.88 a year for a .com domain, down from $5.99 as it adjusted to fit its "49 cents a month" web site marketing. Go Daddy returned to $7.95 annually for .com names after a brief hike to $8.95 last month. Go Daddy's most aggressive discounting is for .us and .biz domains, which are currently priced at $4.95 a year.

Retail Domain Name Prices, Jan. 2004
Company One-year
.com price
&nbspPrimary Business&nbsp Primary Region
1&1 Internet AG $5.88 Mixed Hosting Europe
EV1Servers $6.49 Dedicated Hosting America
Hostway $6.95 Shared Hosting America
Web.com $6.95 Mixed Hosting America
GoDaddy Inc $7.95 Domain Registrar America
RegisterFly $9.99 Domain Registrar America
Host Europe $13.29 Mixed Hosting Europe
Dotster $14.95 Domain Registrar America
FastHosts $17.12 Mixed Hosting Europe
Verio $19.00 Mixed Hosting America
eNom $29.95 Domain Registrar America
The Planet $30.00 Mixed Hosting America
Network Solutions $34.99 Domain Registrar America
Register.com $35.00 Domain Registrar America
Melbourne IT $35.00 Domain Registrar America

Hostway has acquired RegistryPro from Register.com, and will be the registrar of .pro domain names when they launch in the second quarter. The deal is subject to approval by the Internet Corporation for Assigned Names and Numbers (ICANN). The financial terms of the acquisition were undisclosed. "We believe lawyers, accountants, doctors and service professionals will be eager to use the .pro domain as a way of identifying and differentiating their professional status," said Lucas Roh, President and CEO of Hostway, which will honor all existing .pro sunrise registrations. The .pro extension is available exclusively for lawyers, accountants and doctors, and bundles a domain name and digital certificate.

Strato, Network Solutions Dispute Resold Domains

Internet titans Strato and Network Solutions are battling over the fate of more than 200,000 .com, .net and .org domains registered by Strato through a reseller agreement with Network Solutions, which manages those top-level domains. Strato, one of the largest hosting companies with more than 1.9 million hostnames, wants to relocate the domains to its own subsidiary at a reduced rate. Network Solutions responded with e-mails to the domain owners - who registered their domains through Strato - asserting they needed to deal directly with Network Solutions.

A German court intervened, ordering NSI to stop soliciting Strato's domain clients. Strato said it would pursue legal action in the US as well, and alleged that Network Solutions "has begun manipulating data to the disadvantage of STRATO clients. NSI is trying to prevent the legitimate relocation of the domains with newer and ever-changing technical hurdles," Strato said in a press statement.

Phishing Scam Installs Keylogger Via Web Page

In a sign of the growing diversity of phishing scams, a new e-mail combines social engineering tricks and HTML coding to defraud victims using a keylogging program that attempts to capture banking usernames and passwords.

The latest scam, documented at Codefish Spamwatch, operates via an email with the subject "Police investigation."

Continue reading

Number of sites running Windows Server 2003 overtakes NT

The number of hostnames found by the Web Server Survey running Windows Server 2003 overtook NT4 this month. We now find over 1.25M hostnames running on Windows 2003, a 283% increase since August.


Comparing the operating systems with those of September 03 shows the majority of the sites to have migrated from Windows 2000 (534K), but also 55K of the sites to have migrated from Linux, 56K from FreeBSD and 8K from Solaris, with 272K of the hostnames running Win2003 new sites not previously running a different operating system.

Continue reading

Visual Spoofing Offers new Opportunities for Phishers

A new technique called "visual spoofing" provides a way for Internet phishing scams to convincingly mimick the web sites of banks and credit card companies. The technique alters the user interface of the web browser, substituting images for parts of the browser interface that would normally help users detect the fraud.

Visual spoofing, as outlined by Don Park, uses javascript links to launch a new browser window without scrollbars, menubars, toolbars and the status bar. This coding trick is commonly used to launch pop-up ads. In visual spoofing, these GUI elements are replaced by images, allowing the site creator to substitute a fake status bar containing the URL for a legitimate site, along with an image of a "lock" indicating a secure SSL site. Park has posted a demo of the technique, which works in multiple browsers. End users have the ability to configure their browser to prevent this behavior.

Phishing attacks seek to trick account holders into divulging sensitive account information through the use of e-mails which appear to come from trusted financial institutions and retailers. Such scams have multiplied in recent months, with many taking advantage of a bug in Internet Explorer that made it easier for fraudsters to simulate the URLs of target financial institution.

Microsoft issued a patch to repair that problem on Feb. 2. Visual spoofing does not rely on the URL spoofing, relying instead on the fake images to accomplish the deceipt.

DDoS may have ended, but www.sco.com not yet back in the DNS

The www.sco.com hostname remains out of the DNS, three days after the denial of service attack connected to the MyDoom virus was scheduled to finish. Computers infected by MyDoom, which at one point estimated to be more than 400,000, were programmed to launch a DDoS on SCO's main web site Feb. 1 and end the attack Feb. 12, this past Thursday.

However, SCO have not yet put ww.sco.com back into the DNS, perhaps indicating that varients of the virus may be continuing the attack, or perhaps simply that they perceive that the cost/benefit of the site has become unfavourable.

% host www.sco.com
Host www.sco.com not found: 3(NXDOMAIN)

SCO took www.sco.com out of the DNS shortly after the attack began Feb. 1, and began using www.thescogroup.com as an alternate site. That URL has also experienced performance problems at first, but has been available in recent days.

A dynamically updating table of the sites affected by the MyDoom DDoS is available here.