Registrar was named in report about malware network.
ICANN’s initial review of domain name registrar GalComm hasn’t turned up anything bad about the registrar.
Awake Security published a report in June about a network of malware. It said that many of the domains used in the network were registered at ICANN-accredited registrar GalComm and questioned whether GalComm was involved or, at minimum, turning a blind eye.
GalComm refutes the allegations. Through an attorney, it contacted ICANN to dispute Awake Security’s report. (It has also asked Awake to retract the report.) So far, ICANN’s Security, Stability and Resiliency team has been “unable to corroborate the findings Awake Security presented and it does appear that Awake Security had an inaccurate picture of the total domains under management by GalComm.”
ICANN continues to investigate.
One interesting aspect of the case is that Awake Security says it attempted to contact GalComm multiple times before publishing the report. GalComm refutes this. I find it hard to believe that Awake did not try to contact the registrar; a more likely defense for GalComm is that it didn’t receive the communications.
ICANN’s Vice President of Accounts and Services Russ Weinstein informed GalComm that Awake Security hasn’t contacted ICANN, but Awake told Domain Name Wire that it has.
Awake Security issued this statement to Domain Name Wire about ICANN’s findings:
Awake stands by the findings in our report. As a result of our analysis, Google took down numerous extensions from the Chrome App Store. Moreover, as our research showed, reputation block lists (RBLs) are ineffective for this particular type of campaign due to the evasive techniques used by attackers designed specifically to bypass reputation-based security systems. It has also been more than 2 months at this point since our research was released, and as you would expect, the attackers have since changed their tools and tactics.
We would also like to point out that Awake did in fact communicate with ICANN on August 6th but it appears that Mr. Weinstein is not aware of this. We are reaching out to him to share our prior correspondence with ICANN.