Most of you may know what these services typically offer. The process is simple; when a ‘Site Takedown’ service provider is alerted (normally it takes a few hours and it could take up to a few days in certain cases) to a phishing incident, they simply start taking steps to bring down the phishing site from the Internet. Usually, this process takes a few additional days when these servers are geographically operating outside international and legal boundaries. Some of these providers also offer IP sharing networks where the IP addresses of these phishing servers are shared with other member subscribers.
From a security standpoint, these services are of little use, because the fraudsters operate with far more sophistication than the reactive approach of the service providers can match. One reason is that fraudsters operate in real time (at Internet speed) and rely on the fact that takedown solutions can only ever be reactive.
One technique the fraudsters are using effectively today is known as “fast flux”, whereby they move phishing sites around so fast that it is next to impossible to catch up with them. Fast flux was first seen around two years ago, but recently it has become very popular with operators of botnets: networks of computers belonging to unsuspecting users, infected with bots that allow the machines to be controlled remotely and used for phishing and other scams.
In its simplest form, fast flux means that the name server controlling the domain constantly changes its response to attempts to look up the Web page. Before anyone can identify the IP address of an offending site and take it offline, the URL is already pointing to a different IP address. An analogy: if anyone tried to reach me by phone or email, they would get an ‘out of service’ response or a bounced email respectively, because every two minutes my phone number or email address changes.
This technique was developed by fraudsters as a response to site takedown services getting better at finding and shutting down Web servers offering phishing content. The weakness of the simple approach, known as single flux, is that the authoritative name server for the domain remains the same: take that name server offline, and the offending site goes down. Double flux gets around that by cycling the name server itself among multiple machines with multiple IP addresses, while that name server continues to return constantly changing server addresses as well. The resulting ever-changing list of addresses is nearly impossible to shut down. Locating all the machines in a fast flux operation is virtually impossible; newer techniques are constantly being developed, but this remains a cat and mouse game that will go on and on, with site takedown service providers always a few steps behind the fraudsters. Unfortunately, financial and other institutions end up paying a fortune subscribing to these types of services in the hope of preventing fraud, when they really should be shoring up their precious resources by investing in real time, proactive fraud prevention technologies rather than simply relying on site takedown services.
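The single flux and double flux patterns described above show up in DNS data as rapidly changing A records and, for double flux, rapidly changing name server addresses, both served with very short TTLs so that resolvers keep re-asking. The following is an added example, not code from the original post, showing how a defender might score a sequence of DNS observations for those indicators. The thresholds (a TTL of 300 seconds or less, the minimum number of distinct addresses, and the use of /16 prefixes as a crude stand-in for "different networks") and all of the sample records are assumptions constructed for illustration.

```python
# Added example (not from the original post): score DNS observations of one
# domain for single-flux and double-flux indicators. Thresholds and sample
# data are assumptions constructed for illustration.
from collections import Counter
from dataclasses import dataclass
from typing import Any, Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class DnsSnapshot:
    """One resolution of the domain at a point in time (fields are constructed)."""
    ts: int                       # seconds since the first observation
    a_records: Tuple[str, ...]    # IPv4 addresses the domain resolved to
    a_ttl: int                    # TTL on those A records, in seconds
    ns_records: Tuple[str, ...]   # IPv4 addresses of the authoritative name servers
    ns_ttl: int                   # TTL on the name server glue records, in seconds


# Assumed thresholds: a short TTL combined with many addresses spread over
# many unrelated networks is the fast-flux signature we look for.
SHORT_TTL = 300            # seconds
MIN_FLUX_A_ADDRESSES = 5   # distinct web server addresses seen in the window
MIN_FLUX_NS_ADDRESSES = 3  # distinct name server addresses seen in the window
MIN_FLUX_PREFIXES = 3      # distinct /16 prefixes (proxy for "different networks")


def _prefix16(ip: str) -> str:
    """First two octets of an IPv4 address, e.g. '10.42.9.1' -> '10.42'."""
    return ".".join(ip.split(".")[:2])


def _rrset_stats(rrsets: Sequence[Tuple[str, ...]], ttls: Sequence[int]) -> Dict[str, int]:
    """Summarise how one record set (A or NS) behaved over the window."""
    seen = Counter(ip for rr in rrsets for ip in rr)
    # Count how often the answer set differed from the previous observation.
    changes = sum(1 for prev, cur in zip(rrsets, rrsets[1:]) if set(prev) != set(cur))
    return {
        "distinct": len(seen),
        "prefixes": len({_prefix16(ip) for ip in seen}),
        "min_ttl": min(ttls),
        "changes": changes,
    }


def _is_fluxing(stats: Dict[str, int], min_addresses: int) -> bool:
    return (stats["min_ttl"] <= SHORT_TTL
            and stats["distinct"] >= min_addresses
            and stats["prefixes"] >= MIN_FLUX_PREFIXES)


def flux_profile(snapshots: List[DnsSnapshot]) -> Dict[str, Any]:
    """Classify a window of observations as stable, single-flux or double-flux."""
    if not snapshots:
        raise ValueError("need at least one snapshot")
    a_stats = _rrset_stats([s.a_records for s in snapshots], [s.a_ttl for s in snapshots])
    ns_stats = _rrset_stats([s.ns_records for s in snapshots], [s.ns_ttl for s in snapshots])
    a_flux = _is_fluxing(a_stats, MIN_FLUX_A_ADDRESSES)
    ns_flux = _is_fluxing(ns_stats, MIN_FLUX_NS_ADDRESSES)
    if a_flux and ns_flux:
        label = "double-flux"      # web servers AND name servers rotate
    elif a_flux:
        label = "single-flux"      # only the web server addresses rotate
    else:
        label = "stable"
    return {"a": a_stats, "ns": ns_stats, "classification": label}


# Constructed sample observations (all addresses are made up).
STATIC_NS = ("198.51.100.1", "198.51.100.2")
STABLE = [DnsSnapshot(t, ("203.0.113.10",), 3600, STATIC_NS, 86400)
          for t in (0, 600, 1200, 1800)]

ROTATING_A = [
    ("10.11.3.4", "10.42.9.1", "10.77.5.5"),
    ("10.42.9.1", "10.77.5.5", "10.98.20.7"),
    ("10.98.20.7", "10.130.8.8", "10.201.1.9"),
    ("10.130.8.8", "10.201.1.9", "10.11.3.4"),
]
SINGLE_FLUX = [DnsSnapshot(i * 180, a, 180, STATIC_NS, 86400)
               for i, a in enumerate(ROTATING_A)]

ROTATING_NS = [
    ("10.5.1.1", "10.66.2.2"),
    ("10.66.2.2", "10.150.3.3"),
    ("10.150.3.3", "10.222.4.4"),
    ("10.222.4.4", "10.5.1.1"),
]
DOUBLE_FLUX = [DnsSnapshot(i * 180, a, 180, ns, 300)
               for i, (a, ns) in enumerate(zip(ROTATING_A, ROTATING_NS))]

if __name__ == "__main__":
    for name, window in (("stable", STABLE), ("single", SINGLE_FLUX), ("double", DOUBLE_FLUX)):
        print(name, flux_profile(window)["classification"])
```

In practice the snapshots would come from repeated lookups of a suspect domain or from passive DNS logs, and the /16 heuristic would be replaced by a lookup of the autonomous system for each address. Note that the same output from a legitimate content delivery network usually fails the diversity test: its addresses change, but they stay within a small number of networks.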
On a positive note, there are certain Site Takedown Services offered by non-security vendors that have proven really useful when it comes to defending your brand on multiple online fronts, especially if your customers are purchasing products or services on the strength of brand recognition. These services are offered by marketing-centric companies and provide a holistic solution designed to help companies protect revenue, reputation, and customer trust online. They typically include domain management, to proactively identify and seize opportunities, prevent brand abuse and efficiently manage domain assets; online trademark and intellectual property abuse monitoring; and online channel protection services, which protect brand equity and profits by detecting and shutting down online sales of counterfeit, pirated, and gray market goods.