How Fast Flux DNS is Hurting Brands and How It Could Affect UDRP

By Steve Levy

Domain name disputes may now pose more than simply a risk to one’s brand reputation. Rather than merely inputting a typo of your favorite brand and winding up at a pay-per-click website, a more sinister exploit called fast flux DNS is gaining ground among cybersquatters.

What is Fast Flux DNS?

With fast flux DNS (FFDNS), users who type in the wrong domain name will find themselves quickly and automatically redirected through a series of other URLs and will ultimately land on a page that may attempt to deposit malware onto their computer.

The domain owner may be getting paid to feed a criminal network that seeks to commit identity theft by infecting a user’s computer with a virus that can read sensitive information.

Infected customers may not only be unhappy with the brand, they may also be at risk of all the dangers presented by malware such as identity theft and loss of data. And if a virus infects company machines through a domain name related FFDNS exploit, it could become a gateway for hackers by spreading to other parts of the network and compromising data security, including customer accounts, employee information, confidential information about vendors and other business partners.

Why is Fast Flux DNS More Harmful?

Another interesting element of this FFDNS technique is that it rarely leads a user to the same final website twice.

In an attempt to avoid detection by law enforcement, investigators, and brand owners, the initial cybersquatted domain often leads to a different series of redirects and final websites each time it is used.

When someone discovers an infringing domain name using FFDNS to redirect to a malware site, the next time they try going to that domain they may not be able to get a screenshot to support a legal complaint.

How Then I Can Prove It’s Occurring for my UDRP Complaint?

Since you may not see the same website result twice, it has become very important to get a screenshot the first time you visit a cybersquatted domain name in order to preserve evidence for a possible future UDRP complaint or other enforcement effort.

An even better option is to use a video capture app so that you can see and reproduce the fast redirects step by step. This helps prove that the disputed domain name does, in fact, redirect to the final website and also avoids the risk that a panelist, dispute provider staffer, or others might be exposed to malware from reviewing the FFDNS process first-hand.

Efforts are underway to have these video files accepted as evidence by the major UDRP dispute providers, since some of them list technical requirements for submitted pleadings in their supplemental rules.

How Is Fast Flux DNS Playing Into Current UDRP Cases?

While the use of fast flux DNS is not completely new, its use has spiked recently and many cybersquatters (or their registrars) are shifting to FFDNS from pay-per-click pages. One UDRP case, while not using the term FFDNS, referred to this as “a rotating number of websites”, some of which are “designed for phishing or distribution of malware”.

The panel held that using a domain name in this manner is not a bona fide service or offering of goods under the policy and does not provide any rights or legitimate interests to the domain owner. It went on to find that the “respondent acted in bad faith by attempting to trade on the goodwill and reputation of the complainant’s trademark by operating websites that redirect visitors to competitor websites or to websites distributing malicious code”.

One particular issue that is likely to present itself in upcoming UDRP decisions is how to gauge bad faith when the domain comprises a generic term that also functions as someone’s trademark (for example, Apple or Dove). With pay-per-click websites it’s often quite clear that the domain is leveraging the value of the brand if the links that appear on the page relate to the brand owner’s products or services.

However, with FFDNS it may be less clear where the user is redirected to a malware page that doesn’t relate to any specific product or topic. Of course, this particular issue is also not completely new and UDRP Panelists have had to deal with it in all manner of cases where the website that results from the disputed domain name doesn’t specifically mention the affected trademark (such as registrar parking pages, non-resolving websites, and other arguably neutral website content).

But, as in these established case scenarios, complainants may need to rely on other evidence to show that the brand was actually targeted by the domain owner.

What Does the Future Look Like?

Ultimately this all raises the question of how brand owners can best address this increase in FFDNS activity. A first step is to be vigilant and consider this a cybersecurity matter rather than simply one of brand protection.

If one’s intellectual property budget is not sufficiently robust to fund added enforcement efforts it may be worthwhile to look to the company’s IT and cybersecurity budget. Regardless of who funds the effort, disabling or securing the transfer of a domain name that uses FFDNS should resolve the problem thus benefiting the entire company as well as at-risk consumers.

This is an area that is likely to evolve over the next year. For now, the best approach is continued vigilance and factoring FFDNS into policy and budget discussions for the cyberthreat that it is.

Sign up to receive notification of new blog content, relevant domain name strategy insights, and webinar invitations from FairWinds Partners.

Latest Posts

Scroll to Top