Soviet Domains Increasingly Appealing to Capitalist Hackers

The top level domain allocated to the former Soviet Union is making a comeback on the dark side of the web, where cyber-criminals host their attack tools.

According to security researchers at RSA, as quoted by the Associated Press, the number of .su domains used for nefarious purposes is reaching worrying proportions. The suffix, assigned to the USSR in 1990 on the verge of the Soviet collapse, is attracting a variety of shady webmasters, from whistleblowers to bot-herders and ransomware operators.

According to CERT-BIB’s Andrei Komarov, the number of malicious websites hosted across the Soviet Union’s old domain doubled in 2011 and doubled again in 2012, exceeding the number of malicious domains hosted on .ru domains.

“We realize it’s a threat for our image,” said Sergei Ovcharenko of the Foundation for Internet Development, the entity that has governed the SU domain namespace since 2007. About 120,000 domains are currently registered, of which Bitdefender estimates that roughly one percent are known to be involved in malicious operations.

The reasons behind the proliferation of malicious SU domains are not political; they stem from permissive, outdated legislation and terms of use, together with cyber-crooks’ preference for bulletproof hosting.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.