Summary

Over the past 18 months we have seen a surge, and fall, in new domain registrations that match a set of keywords related to the COVID-19 pandemic. While the majority of these domains have not been observed to be malicious in any way, a minority have been identified as harmful.

Upon observation, many of the malicious campaigns are predictable, offering incentives, often financial, or posing as a legitimate log-in page to steal credentials or deliver malware. The only difference is that in our set the "hook" used to lure victims in involves COVID-19 in some fashion.

DNSTICR is an ongoing project that continues to evolve to the everchanging COVID-19 global pandemic. OCTO will continue to provide updates on this project to the ICANN community, registrars or registries, security professionals, and internet users.

A more detailed report will be published in the near future.

The full blog post is found at https://www.icann.org/en/blogs/details/an-18-month-summary-of-icanns-dnsticr-project-2-9-2021-en