Google Removes .CO.CC Subdomains Over Phishing, Spam Concerns

In a rare and sweeping move, Google has removed all of the sites hosted on .co.cc domains from its search results, saying that because such a large percentage of the sites on that freehosting provider are low-quality or spammy, they decided to de-index all of them.

In a rare and sweeping move, Google has removed all of the sites hosted on .co.cc domains from its search results, saying that because such a large percentage of the sites on that freehosting provider are low-quality or spammy, they decided to de-index all of them.

The .co.cc domain is well-known in security and anti-spam circles for being a favorite spot for phishing and spam domains, but there also are legitimate domains hosted there. The .cc country-code TLD belongs to an Australian territory called the Cocos Islands, but the .co.cc subdomain is also used as a freehost that allows anyone to register a domain. There’s a South Korean company that sells subdomains on there, as well.

In a message last week, a Google employee named Matt Cutts said that this action doesn’t represent any new policy from Google.

“We absolutely do try to be granular, but I wanted to mention that if we
see a very large fraction of sites on a specific freehost be spammy or
low-quality, we do reserve the right to take action on the freehost as a
whole. I think most savvy search/SEO folks would understand this
completely, but I figure it’s better to over-communicate than
under-communicate,” Cutts said in a post on the Google+ site.

This is not a new webspam policy. Other parts of Google do similar things. For example, http://googleonlinesecurity.blogspot.com/2011/06/protecting-users-from-malware-hosted-on.html
talks about “bulk subdomain providers” (treat it as the same thing as a
freehost) and they mention “To help protect users we recently modified
those [malware scanning] systems to identify bulk subdomain services
which are being abused. In some severe cases our systems may now flag
the whole bulk domain.”

In its most recent report on the scope and spread of phishing sites, The Anti-Phishing Working Group compiled stats that show that seven percent of all phishing domains were hosted on .cc domains in the second half of 2010. More than 4,900 phishing attacks originated from .cc domains in that period, the group said.

The majority of phishing continues to be concentrated in just a few namespaces. Except for .TK and CO.CC, which were taken advantage of more extensively by phishers, phishing was roughly distributed by market share,” the APWG report said.

The action by Google is a clear demonstration of the amount of power and influence that the company has on the Web. While Bing and other search engines still are indexing the .co.cc domains, Google’s market share is such that dropping these domains from its search results essentially cuts them off from the Internet.

On Google’s Webmaster help site, John Mueller, a Google Webmaster trends analyst, says that the company understands this.

If you feel that your particular site is in line with our
Webmaster Guidelines, I would recommend submitting a reconsideration
request. Additionally, if you use a subdomain on a widely used domain
name, and feel that your subdomain provider is not up to par with
regards to preventing and handling abuse quickly – be it webspam,
phishing, or malware – you may wish to look into ways of remedying that,” Mueller wrote.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.