The Coordination Center for TLD .RU/.РФ continues to monitor the situation around the registration of .RU and .РФ domains related to COVID-19 and pandemic containment measures.
Recent monitoring of the ccTLD .RU and .РФ, which is regularly carried out by the Coordination Center for TLD .RU/.РФ since the beginning of 2020, has shown that 119 domain names related to the coronavirus and pandemic containment measures were registered in January 2022. 105 new coronavirus-related domains have appeared in the .RU zone, as well as 14, have been registered in .РФ.
In total, during the monitoring since January 2020, 7,702 domain names related to the coronavirus and pandemic containment measures were registered in the .RU and .РФ zones: 6498 in .RU and 1204 in .РФ. Despite such an impressive figure, in reality, the situation does not look so terrible. According to the ‘Netoscope’ project, only 5% of registered coronavirus-related domain names are associated with illegal activity: 335 in the TLD .RU and only 9 in the TLD .РФ.
The data that not all coronavirus-related domains are dangerous was also confirmed by a study of domain names registered in March-April 2020 conducted by the Coordination Center. There were only 565 domains of the more than 2.5 thousand domains registered in .RU today during this period. 26 of them were associated with various types of illegal activity by the participants of the ‘Netoscope’ project. Another 68 "malwares" were found among already removed coronavirus-related domains.
640 domains that met the monitoring criteria were registered in the .РФ zone in March-April 2020. 213 of them continue to exist today. 6 of 9 domains, that were associated by the participants of the ‘Netoscope’ project with the distribution of malware or phishing, have already been removed.
A study of domain names registered in the .RU domain, in one way or another associated with the virus strains and with the keywords “QR”, “gosusligi”, “covid” and some others was also conducted by the Coordination Center. The largest number (1539), as expected, was associated with the keyword “covid”, in second place was “gosuslugi” - 1334 domains, and in third place were domains associated with QR codes - 1093 domain names.
Curiously, the first domains associated with the “omicron” strain appeared back in January and February 2021, when it became clear what principle the emerging new strains would be called by.
Even though the number of dangerous domain names related to the coronavirus and pandemic containment measures is not too large, users need to be vigilant and to observe the rules of cyber hygiene when using electronic resources. Even those few resources that were used for illegal purposes could cause significant harm to users.
Therefore, install an antivirus on every device connected to the Internet; enter personal, account, and online banking data only on websites that support the encryption function (there is an https:// prefix in front of the address); check website domain names for typos; do not open executable files in spam emails.
More instructions and advice in case of facing a computer threat - such as phishing, botnets, malware, or unauthorized access to data -, as well as the contacts of the competent organizations' hotlines, are available on the "Domain Patrol" project of the Coordination Center for TLD .RU/.РФ website.