Malicious Link-Shortening Service Hops Onto .US Top-Level Domain
Iranian campaign attacks mid-east defense & intel agencies, Cyberattack hits British Library, Atlassian urges Confluence patches, F5 warns of BIG-IP exploits in the wild, Mozi botnet disappears, more
Off-topic: Check out my latest report from the Google antitrust trial covering the testimony of Google CEO Sundar Pichai.
Researchers at Infoblox report that the top-level domain for the United States, .US, is home to thousands of newly registered domains tied to a malicious link-shortening service dubbed Prolific Puma that facilitates malware and phishing scams.
Infoblox has been tracking what appears to be a three-year-old link-shortening service catering to phishers and malware purveyors. Infoblox found the domains involved are typically three to seven characters long and hosted on bulletproof hosting providers that charge a premium to ignore any abuse or legal complaints.
The short domains don’t host any content themselves but are used to obfuscate the real address of landing pages that try to phish users or install malware.
Infoblox says it’s unclear how the phishing and malware landing pages tied to this service are being initially promoted. However, they suspect it is mainly throug…