WIPO Gives EFF Control Over Bogus Domain Used To Distribute Keyloggers And Other Malware

from the more-than-mere-cyberquatting dept

The World Intellectual Property Organization (WIPO) has actually used its powers for good, stopping an Indonesian citizen from spreading malware while taking the name of the EFF in vain.

The Electronic Frontier Foundation's website is eff.org. The squatted-on domain was electronicfrontierfoundation.org. As the real EFF vigorously fights against exactly the sort of thing being distributed by the fake site (spyware and malware), it had a legitimate complaint against the cybersquatter that went far deeper than mere trademark-related confusion.

The disputed domain name was registered on August 4, 2015.

On August 13, 2015, the Complainant was informed that the disputed domain name was being used to confuse consumers by redirecting them to the Complainant’s official website only after surreptitiously installing malicious software on the computers of unsuspecting visitors. According to an affidavit of a Staff Technologist of the Complainant, the malicious code exploited a known vulnerability in the computer programming language Java, by disabling Java security settings which allows it to execute arbitrary Java code without having to ask for the user’s permission.

The incident was reported in the media, for instance in an article published on August 28, 2015 on the website of Ars Technica under the title “Fake EFF site serving espionage malware was likely active for 3+ weeks”.
The EFF's complaint against the cybersquatter also pointed out that the URL was being used in bad faith, implanting computers with keyloggers and being used as a backdrop for a spear phishing campaign.
The Complainant contends that these facts strongly suggest that the disputed domain name was registered for the purpose of supporting a phishing campaign, i.e. an attempt to discover sensitive information such as usernames, passwords or personal details, by confusing consumers into believing that the attacker, to whom information is actually being provided, is in fact a different, trustworthy entity to whom consumers desire to provide information.
WIPO found that the EFF's complaint satisfied multiple prongs of its domain name dispute resolution process. The trademark on the name itself dates back to 1993 and the use of the bogus site to deliver malware payloads added up to "bad faith" use.

The domain has been taken from Shawanda Kirlin of Bali, Indonesia, and given to the EFF for its own use. This will kill off one arm of a sophisticated malware campaign with possible ties to the Russian government and prevent further abuse of internet users looking for information on privacy and security.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersquatting, domains, keylogger, malware, wipo
Companies: eff


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 18 Nov 2015 @ 3:59pm

    WIPO made a thing right, therefore, copywrong is right.

    link to this | view in thread ]

  2. identicon
    Techanon, 18 Nov 2015 @ 8:40pm

    Now, this is the proper way to do trademark. Kudos to the EFF.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 19 Nov 2015 @ 2:07am

    I'm surprised they hadn't obtained the different variations of their name before. Domains are so cheap, you can afford 100$/year to buy the .com's .org's et all.

    link to this | view in thread ]

  4. icon
    DannyB (profile), 19 Nov 2015 @ 7:07am

    Re:

    What? Are you suggesting that the WRONG way to do trademark is to sue anyone using the word "electronic" ?

    link to this | view in thread ]

  5. icon
    ltlw0lf (profile), 19 Nov 2015 @ 7:16am

    Re:

    I'm surprised they hadn't obtained the different variations of their name before. Domains are so cheap, you can afford 100$/year to buy the .com's .org's et all.

    Maybe they would actually like to spend that money helping others, not having to be stupid and waste the money on building up huge portfolios of misspelled and potentially-fraudulent-sounding domain names? The EFF does good work. Why do you want to saddle them with huge debts just to make the domain name industry a little more money?

    link to this | view in thread ]

  6. identicon
    Anon, 19 Nov 2015 @ 12:08pm

    Sense of Humor.

    (Checks to see that it's not April 1st...)

    An Indonesian person exploiting Java??

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.