Wpad.cn: Experts Fear Hackers Will Buy Important Domain

Dennis Faas's picture

There is some fear circulating among industry insiders over a domain name on sale right now. While wpad.cn might be of little significance to the average end-user, cybercriminals would rejoice over its acquisition.

Duane Wessels, the president of Measurement Factory, knows how important the wpad namesake is. Wessels is the owner of five wpad domains: wpad.com, wpad.net, wpad.org, wpad.biz and wpad.us.

While not a popular domain for Google searches, the sites are frequented by Windows computers erroneously searching for network configuration information, due to a decade-old Windows bug that Microsoft had first repaired in 1999.

In this manner, computers search for a Web Proxy Auto-Discovery (WPAD) server on the network. These servers are ideally trusted machines, set up by administrators, to send the computer to a configuration file called wpad.dat. (Source: computerworld.com)

Combined, the five domains receive 5 million hits per day.

Flaw Fixed, Domains Thrive

The ironic thing is that nobody (not even Wessels) can understand why the domains attract so many hits long after Microsoft had fixed the flaw. According to Wessels, older versions of Windows still in circulation, obscure programs with built-in web components or even misconfigured servers on the network could all be responsible for its continued popularity.

With traffic numbers being so high, it is no wonder why cybercriminals would want to own the coveted wpad namesake. Hackers could easily set up a phishing site or send out spam in droves.

Computers in China at Risk

Surprisingly, computers in China that are misconfigured very frequently land on the wpad.cn domain. If someone in America really wanted to get back at Chinese cybercriminals, the wpad.cn domain would be the most accessible, yet highly immoral, way to do it. (Source: mis-asia.com)

While fears continue surrounding the future owner of the wpad.cn site, suggested to sell for around $1,800, raising awareness would be the first step in securing an ethical owner. Still, the entire situation begs the question: if he is so happy with the traffic generated from his five wpad domains, why wouldn't Wessels himself purchase the wpad.cn address and save the computer world some worry?

Rate this article: 
No votes yet