WIPO Gives EFF Control Over Bogus Domain Used To Distribute Keyloggers And Other Malware

from the more-than-mere-cyberquatting dept

The World Intellectual Property Organization (WIPO) has actually used its powers for good, stopping an Indonesian citizen from spreading malware while taking the name of the EFF in vain.

The Electronic Frontier Foundation’s website is eff.org. The squatted-on domain was electronicfrontierfoundation.org. As the real EFF vigorously fights against exactly the sort of thing being distributed by the fake site (spyware and malware), it had a legitimate complaint against the cybersquatter that went far deeper than mere trademark-related confusion.

The disputed domain name was registered on August 4, 2015.

On August 13, 2015, the Complainant was informed that the disputed domain name was being used to confuse consumers by redirecting them to the Complainant’s official website only after surreptitiously installing malicious software on the computers of unsuspecting visitors. According to an affidavit of a Staff Technologist of the Complainant, the malicious code exploited a known vulnerability in the computer programming language Java, by disabling Java security settings which allows it to execute arbitrary Java code without having to ask for the user’s permission.

The incident was reported in the media, for instance in an article published on August 28, 2015 on the website of Ars Technica under the title “Fake EFF site serving espionage malware was likely active for 3+ weeks”.

The EFF’s complaint against the cybersquatter also pointed out that the URL was being used in bad faith, implanting computers with keyloggers and being used as a backdrop for a spear phishing campaign.

The Complainant contends that these facts strongly suggest that the disputed domain name was registered for the purpose of supporting a phishing campaign, i.e. an attempt to discover sensitive information such as usernames, passwords or personal details, by confusing consumers into believing that the attacker, to whom information is actually being provided, is in fact a different, trustworthy entity to whom consumers desire to provide information.

WIPO found that the EFF’s complaint satisfied multiple prongs of its domain name dispute resolution process. The trademark on the name itself dates back to 1993 and the use of the bogus site to deliver malware payloads added up to “bad faith” use.

The domain has been taken from Shawanda Kirlin of Bali, Indonesia, and given to the EFF for its own use. This will kill off one arm of a sophisticated malware campaign with possible ties to the Russian government and prevent further abuse of internet users looking for information on privacy and security.

Filed Under: , , , ,
Companies: eff

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “WIPO Gives EFF Control Over Bogus Domain Used To Distribute Keyloggers And Other Malware”

Subscribe: RSS Leave a comment
ltlw0lf (profile) says:

Re: Re:

I’m surprised they hadn’t obtained the different variations of their name before. Domains are so cheap, you can afford 100$/year to buy the .com’s .org’s et all.

Maybe they would actually like to spend that money helping others, not having to be stupid and waste the money on building up huge portfolios of misspelled and potentially-fraudulent-sounding domain names? The EFF does good work. Why do you want to saddle them with huge debts just to make the domain name industry a little more money?

Leave a Reply to ltlw0lf Cancel reply

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...