WIPO Gives EFF Control Over Bogus Domain Used To Distribute Keyloggers And Other Malware

from the more-than-mere-cyberquatting dept

The World Intellectual Property Organization (WIPO) has actually used its powers for good, stopping an Indonesian citizen from spreading malware while taking the name of the EFF in vain.

The Electronic Frontier Foundation's website is eff.org. The squatted-on domain was electronicfrontierfoundation.org. As the real EFF vigorously fights against exactly the sort of thing being distributed by the fake site (spyware and malware), it had a legitimate complaint against the cybersquatter that went far deeper than mere trademark-related confusion.

The disputed domain name was registered on August 4, 2015.

On August 13, 2015, the Complainant was informed that the disputed domain name was being used to confuse consumers by redirecting them to the Complainant’s official website only after surreptitiously installing malicious software on the computers of unsuspecting visitors. According to an affidavit of a Staff Technologist of the Complainant, the malicious code exploited a known vulnerability in the computer programming language Java, by disabling Java security settings which allows it to execute arbitrary Java code without having to ask for the user’s permission.

The incident was reported in the media, for instance in an article published on August 28, 2015 on the website of Ars Technica under the title “Fake EFF site serving espionage malware was likely active for 3+ weeks”.
The EFF's complaint against the cybersquatter also pointed out that the URL was being used in bad faith, implanting computers with keyloggers and being used as a backdrop for a spear phishing campaign.
The Complainant contends that these facts strongly suggest that the disputed domain name was registered for the purpose of supporting a phishing campaign, i.e. an attempt to discover sensitive information such as usernames, passwords or personal details, by confusing consumers into believing that the attacker, to whom information is actually being provided, is in fact a different, trustworthy entity to whom consumers desire to provide information.
WIPO found that the EFF's complaint satisfied multiple prongs of its domain name dispute resolution process. The trademark on the name itself dates back to 1993 and the use of the bogus site to deliver malware payloads added up to "bad faith" use.

The domain has been taken from Shawanda Kirlin of Bali, Indonesia, and given to the EFF for its own use. This will kill off one arm of a sophisticated malware campaign with possible ties to the Russian government and prevent further abuse of internet users looking for information on privacy and security.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 18 Nov 2015 @ 3:59pm

    WIPO made a thing right, therefore, copywrong is right.

    reply to this | link to this | view in chronology ]

  • identicon
    Techanon, 18 Nov 2015 @ 8:40pm

    Now, this is the proper way to do trademark. Kudos to the EFF.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Nov 2015 @ 2:07am

    I'm surprised they hadn't obtained the different variations of their name before. Domains are so cheap, you can afford 100$/year to buy the .com's .org's et all.

    reply to this | link to this | view in chronology ]

    • icon
      ltlw0lf (profile), 19 Nov 2015 @ 7:16am

      Re:

      I'm surprised they hadn't obtained the different variations of their name before. Domains are so cheap, you can afford 100$/year to buy the .com's .org's et all.

      Maybe they would actually like to spend that money helping others, not having to be stupid and waste the money on building up huge portfolios of misspelled and potentially-fraudulent-sounding domain names? The EFF does good work. Why do you want to saddle them with huge debts just to make the domain name industry a little more money?

      reply to this | link to this | view in chronology ]

  • identicon
    Anon, 19 Nov 2015 @ 12:08pm

    Sense of Humor.

    (Checks to see that it's not April 1st...)

    An Indonesian person exploiting Java??

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.