Google officially removed a “freehost” provider from a Korean Company that was providing the .co.cc domain (link to The Register article). This was done on the basis of a large percentage of spammy or low-quality sites. According to the Anti-Phishing Working Group (report) this top level domain accounted for a large number of mal-ware, phishing, and spam traffic.
This defensive move by Google frames nicely a counter move to what I have termed as ‘Infrastructure level attacks’. These types of attacks are executed through planned and global programs designed to bypass the fundamental security safeguards organizations deploy. The popular examples are RSA SecureID Tokens and Comodo certificates.
The challenge has been how to respond equally to such attacks, and here we are seeing an exploration into this response. The U.S. Government is exploring filters and preventive tools at the ISP level, and here we have a propagator of search results eliminating the possibility of users connecting to such domains – regardless of any possible non-malicious site.
This highlights the need to examine the information security program of your organization and the core providers. This examination must consider risks that are known and ‘far-fetched ideas’ (such as the domain being blocked at the ISP level) that may impact your business. Such continuous programs of risk assessment are key, but just as critical is the examination and pivoting of the program itself. (yes.. a risk assessment of the risk assessment program).