A domain for phishing and scamming is sold for just under 2,000 bucks

 The sale of a Chinese domain has attracted attention of some observers and one businessman. The wpad.cn domain is for sale, according to a note posted on the Web site. Duane Wessels the president of Measurement Factory, owns five wpad domains -- wpad.com, wpad.net, wpad.org, wpad.biz and wpad.us.

Between them, he gets 5 million hits per day. Most of them come from Windows computers erroneously looking for network configuration information a Web Proxy Auto-Discovery (WPAD) server on the network. These servers are trusted machines, set up by administrators to send the PC a Web configuration file called wpad.dat. He is concerned about potential misuse of the domain on sale by the criminals for perpetrating phishing or other types of fraud.

Wessels speculates that if criminals were to take control of the wpad.cn domain they could set themselves up as a proxy Web server for their victims, redirecting them to a phishing site or sneaking unwanted ads onto their computers.

The WPAD server's name will start with wpad (as in wpad.corp.idg.com) so, using a technique known as DNS devolution, Windows systems will search far and wide for a machine starting with those four letters. Unfortunately, this sometimes sends them out of the network -- to Wessels' wpad.com Web site, for example. Computers in China that were similarly misconfigured would likely look to the wpad.cn domain.

Wessels and other DNS experts think that someone could probably misuse the wpad.cn domain by sending malicious wpad.dat files to those computers.

The domain is being offered for ¥12,000 (US$1,760).