Reading the article, it seems to be initiated by a company in Isreal.
Quote
"This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains," Golomb said.
All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication Ltd.
Awake said Galcomm should have known what was happening.
In an email exchange, Galcomm owner Moshe Fogel told Reuters that his company had done nothing wrong.
"Galcomm is not involved, and not in complicity with any malicious activity whatsoever," Fogel wrote. "You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can."
Fogel said there was no record of the inquiries Golomb said he made in April and again in May to the company's email address for reporting abusive behavior, and he asked for a list of suspect domains. Reuters sent him that list three times without getting a substantive response.
The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.
While deceptive extensions have been a problem for years, they are getting worse. They initially spewed unwanted advertisements, and now are more likely to install additional malicious programs or track where users are and what they are doing for government or commercial spies.