New domain names a haven for hackers, security experts warn

The planned introduction new internet domain names could have security implications, warn researchers

The planned introduction of more than 1,900 new generic top-level domain (gTLD) names by Internet Corporation for Assigned Names and Numbers (Icann) could have security implications, researchers have warned.

The plan to allow web addresses ending in hundreds of generic words, such as .flowers and brand names such as .google and .pepsi, is the most dramatic change to the internet in decades.

Icann hopes to have the first of the new domains live by early 2013, but members of the security industry have raised concerns that the opportunity could be exploited by cybercriminals.

As unfamiliar domain names begin to proliferate, there are fears that cybercriminals could use well-known brand names to create malicious sites that look legitimate and have plausible web addresses.

"It will be increasingly difficult for consumers to instinctively know what may be an illegitimate site carrying potential threats," said Carl Leonard, senior security research manager for Europe at security firm Websense.

Ican will need strict enforcement of its policies for generic top-level domains

Carl Leonard, senior research manager, Websense

Such sites are typically used for phishing attacks or the delivery of malware to unsuspecting visitors.

In the beginning, web users will tend to trust e-mails received from “” without having any way of knowing exactly who sent the message, said Leonard.

"Icann will need strict enforcement of its policies and stringent evaluation procedures for generic top-level domains so that the bad guys don’t get their hands on them,” he said.

According to Leonard, businesses will also have to take care to ensure their reputation is not damaged by criminals registering their brand name in a .xxx domain, for example.

The high price of the entrance fee to apply for a TLD should be a deterrent to cybercriminals, he said, but businesses still need to take precautions.

"First, they need to ensure that their brand is protected by pre-registering their company name and trademarks under the new top level domains and secure the rights to these.

Second, take precautions so that employees are not accidentally accessing bogus sites by ensuring they protect access to these malicious sites in real time," he said.

Jason Rawkins, partner and domain names specialist at law firm Taylor Wessing, said brand owners will need to keep a close eye on the registration of their brands at the second and subsequent levels by other applicants.

"For example, fashion companies such as Prada and Hermes will want to make sure that whoever is awarded the .fashion domain does not allow a third party to register or," he said.

Image: Thinkstock

Read more on Hackers and cybercrime prevention