Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Where is Cameroon ? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Where is Cameroon ?
Where Cameroon is?  Well, only a small typo away!  A reader today alerted us to the fact that "google.cm" is not your trusty search engine, but rather ... something else. Currently, the link leads to kinda a mock-up of a search tool named "Agoga" that appears to make money from displaying paid-for ad content. On first sight, we didn't find anything malicious lurking on the Agoga pages, but this could well change anytime (meaning: go there at your own risk).  In fact, and surprisingly enough, everything dot-cm ends up on that selfsame site. Yes, Cameroon registry is running a DNS wildcard right at the top level domain. Think phisher's paradise -- onlinebank.cm, myspace.cm, paypal.cm, anyone ?   If you haven't got legitimate business with firms in Cameroon, you might want to consider making your internal DNS server authoritative for .cm and return 127.0.0.1 until the Cameroon registry deigns to rectify this sorry state of affairs.  Agoga.com seems to be owned by a company "Netview Inc" in Vancouver, BC.
Daniel

367 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!