- by David Goldstein -
EURid officially launched their Abuse Prevention and Early Warning System (APEWS) in December 2019, but it has been operational since January 2018, detecting malicious .eu domain name registrations.
In its first two years of operation, APEWS correctly detected over 60,000 malicious .eu domain names, with just over 2,000 detected since its official launch. It also won two awards and was one of the partners working with Microsoft to help take down the Necurs botnet.
APEWS works by evaluating patterns of domain name registrations and predicting whether a domain name may potentially be used in an abusive manner, which helps make the .eu country code top-level domain (ccTLD) one of the safest. If the system identifies a registered domain name as potentially linked to abuse, its delegation in the .eu zone file is delayed and its status in the web-based WHOIS shows “Server Hold”.
It was this method of evaluating malicious domain name registrations that assisted in the takedown of Necurs, one of the world’s most prolific botnets, which Microsoft and partners across 35 countries worked together to take down in early March. It was so prolific that it infected more than nine million computers globally and in 25 months had used six million unique domains in various ccTLDs and gTLDs. Necurs, though, has been operational for much longer: the takedown was the result of eight years of tracking and planning, and the disruption will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.
Two awards recognised the system’s achievements: firstly, the eco Domains award, and secondly, one of the two “Distinguished Paper Awards” at the Annual Computer Security Applications Conference (ACSAC), won by EURid’s paper on the Abuse Prevention and Early Warning System.