Trend Micro threat director dismisses Google co.cc removal as a paper tiger strategy

Trend's Martin Roesler says that the 'solution' to the problem is very much a paper tiger and does not actually protect users.

"Based on our research and monitoring of malicious domains and cybercrime activity, we know for a fact that all major cybercriminals have already moved from *.co.cc to other similarly abused second-level domains like *.rr.nu or *.co.tv", he says in a security posting.

"This abuse of rogue second-level domains is excessive and rapidly escalating. Cybercriminals routinely jump from one SLD to another to keep their FAKEAV-via-blackhat-SEO schemes alive, among other web-based attacks", he adds.

After identifying a number of malicious URLs that his research team has found on a number of second-level domains, Roesler says that blocking *.co.cc domains is a short-term, band-aid solution.

In addition, he asserts, if you map out a typical infection chain for the majority of blackhat search engine attacks, you notice that the malicious SLDs are more often used for the second, third, up to the fourth jumps or redirections.

"The doorway pages - the pages that are actually indexed by search engines - very rarely use *.co.cc. So blocking them makes no sense", he argues.
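As an added illustration (not code from the article or from Trend Micro), the check below walks a constructed redirect chain of the kind Roesler describes and shows why a policy that only inspects the doorway page misses the abused SLDs that appear on later hops. The abused-SLD list contains only the SLDs the article names; the hostnames and chain are made up.

```python
import re
from typing import List, Optional

# Second-level domains the article names as abused by FAKEAV / blackhat-SEO campaigns.
ABUSED_SLDS = {"co.cc", "rr.nu", "co.tv"}

# Constructed sample infection chain (hypothetical hosts): an ordinary-looking
# doorway page, then redirects through hops hosted on abused SLDs.
SAMPLE_CHAIN: List[str] = [
    "http://recipes-blog.example/best-cake.html",  # doorway page, indexed by search engines
    "http://track.example-ads.net/go?id=7",        # first redirect, ordinary domain
    "http://scan-alert.co.cc/av/index.php",        # second hop, abused SLD
    "http://update-now.rr.nu/setup.exe",           # final hop, another abused SLD
]

def registrable_sld(url: str) -> Optional[str]:
    """Return the last two host labels (e.g. 'co.cc' for a.b.co.cc), or None if unparsable."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.IGNORECASE)
    if not m:
        return None
    labels = m.group(1).lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    return ".".join(labels[-2:])

def doorway_only_block(chain: List[str]) -> bool:
    """Policy that inspects only the page the search result points at."""
    return registrable_sld(chain[0]) in ABUSED_SLDS

def per_hop_block(chain: List[str]) -> Optional[int]:
    """Policy that inspects every hop; returns the index of the first flagged hop, or None."""
    for i, url in enumerate(chain):
        if registrable_sld(url) in ABUSED_SLDS:
            return i
    return None

if __name__ == "__main__":
    print("doorway-only policy blocks chain:", doorway_only_block(SAMPLE_CHAIN))  # False
    print("per-hop policy flags hop index:", per_hop_block(SAMPLE_CHAIN))        # 2
```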

So what can the industry do to solve the problem?

Roesler says that blocking IP addresses is impossible, because the IPv6 address space is too large for this to be viable.

"The only real and practical solution for users is multi-layered protection, a combination of email, web and file reputation technologies that correlate malicious components - much like the Smart Protection Network, which also allows users to take advantage of and contribute to a worldwide 'neighbourhood watch'," he says.

"We believe Google can create a real and lasting impact to protect users and help fight cybercrime by working with the top level registrars of domains like *.tv or *.cc to strategise about how they can make life for shady registrants more difficult", he adds.

The Trend Micro director of threat research concludes that Google's strength lies in being able to collate enough evidence to influence and put pressure on registrars to pull out SLDs hosting malicious activities.

"This is much more effective instead of simply restricting user access to an entire block since we know cybercriminals will just choose to jump SLDs (they are already doing so)", he said.

"This also unjustifiably penalises those who are actually using the said SLD for legitimate purposes", he adds.
