Google recently removed websites under the .CO.CC second-level domain (SLD) from its search engine’s results. As a means to protect users, we do not think this is a good solution.
Based on our research and monitoring of malicious domains and cybercrime activity, we know for a fact that all major cybercriminals have already moved from *.co.cc to other similarly abused SLDs like *.rr.nu or *.co.tv. This abuse of rogue SLDs is excessive and is rapidly escalating. Cybercriminals routinely jump from one SLD to another in order to keep their FAKEAV via blackhat search engine optimization (SEO) schemes alive, among other Web-based attacks.
The following list of the number of malicious URLs we found on certain SLDs suggests why blocking *.co.cc domains is a short-term band-aid solution:
In addition, if we chart the typical infection chain for the majority of blackhat SEO attacks nowadays, you will notice that the malicious SLDs are more often used for the second, third, up to the fourth jumps or redirections. The doorway pages—those that are actually indexed by search engines—very rarely use *.co.cc. So, blocking these makes no sense.