August 2, 2017
Apparently, to distribute scam mailings, cybercriminals use contact database of domain administrators registered in RU-CENTER. Cybercriminals refer to some changes in the ICANN rules and offer the domain administrator to create the PHP file with certain contents in the root directory. The creation of this file is supposed to confirm the right for the domain use by the email recipient. The email itself contains the logo of RU-CENTER and is sent supposedly on its behalf.
The file suggested for saving in the root directory contains a command that executes an arbitrary code specified in a variable. Cybercriminals can send this code to the script posted on the server as a GET or POST request. Doctor Web specialists warn that fulfillment of the demands of cybercriminals will lead to a compromise of the website. If you receive such email, ignore it. If you suppose that the email’s sender is actually the domain name registrar, check this information with the technical support service of the registrar company.
Tell us what you think
To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.
Other comments