Microsoft has purchased the ‘dangerous domain’ name Corp.com to keep it away from criminals. Although Microsoft has confirmed that the company has indeed bought corp.com, it hasn’t disclosed the financial details of this deal.
Earlier this year, security researcher Briant Krebs did a story that the dangerous domain name Corp.com was up for sale and the owner of the domain name who goes by the name Mike O’Connor was trying to sell it for 1.7 million dollars.
Microsoft buys corp.com
For those who are not aware, Corp.com — a domain that was registered by O’Connor 26 years ago — has a special meaning to older versions of Windows operating system (like Windows Server 2000), in addition to certain deployments of Active
Directory.
Back in the older days, Microsoft used to recommend people trying to configure Windows Network domains to put down a domain at the end. This way, everything underneath that particular domain would be grouped, and people could use ‘Corp’ as the default domain path for the Active Directory.
There’s a Windows DNS Client feature called DNS name devolution that identifies computers connected to corporate networks in Active Directory. As long as you are using the feature in your internal network, there’s absolutely no issue.
However, if you take a laptop that was joined to a domain like ‘Corp,’ the DNS name devolution would result in something called namespace collision where ‘corp’ will overlap with ‘corp.com’ given the way things worked back in the days.
Over the years, O’Connor has been noticing all this traffic originating from Windows machines that were configured to be part of Active Directory deployment.
Over eight months, O’Connor with the help of security researchers saw more than 375,000 thousand different requests, all trying to connect to what they think is their internal corporate network.
The information is so valuable for attackers that Microsoft doesn’t want it to fall into the hands of cybercriminals or nation-state actors who would love to sit there and watch credentials and sensitive information reach bad people.
