Soviet Domains Increasingly Appealing to Capitalist Hackers

The top level domain allocated to the former Soviet Union is making a comeback on the dark side of the web, where cyber-criminals host their attack tools.

According to security researchers at RSA, as quoted by the Associated Press, the number of .su domains used for nefarious purposes is reaching worrying proportions. The suffix, assigned to the USSR in 1990 on the verge of the Soviet collapse, is attracting a variety of shady webmasters, from whistleblowers to bot-herders and ransomware operators.

According to CERT-BIB`s Andrei Komarov, the number of malicious websites hosted across the Soviet Union’s old domain doubled in 2011 and doubled again in 2012, exceeding the number of malicious domains hosted on .ru domains.

“We realize it’s a threat for our image,” said Sergei Ovcharenko of Foundation for Internet Development, the ruling entity for the SU domain namespace since 2007. There are about 120,000 domains registered now, of which Bitdefender estimates that about one percent of them is known to be involved in malicious ops.

The reasons that led to the proliferation of malicious SU domains are not political, but rather are caused by permissive, outdated legislation and terms of use, as well as cyber-crooks` preference for bulletproof hosting.