In February, Vladimir Tsastsin, president of EstDomains, was convicted of credit card fraud, money laundering and document forgery, according to a letter (PDF) sent by ICANN to Tsastsin.
Under ICANN rules, the organization can end its accredidation agreement with any registar whose "officer or director...is convicted of a felony or of a misdemeanor related to financial activities...," the letter said.
ICANN said EstDomains, whose website lists a company address in Delaware, managed about 281,000 domains. However, many of those were controlled by cybercriminals to host malware such as rogue anti-virus software, drive-by downloads, rogue codecs and botnet command-and-control centers, Mikko Hypponen, chief research officer of anti-virus firm F-Secure, said Thursday.
"If you want to host bad stuff, you need to have a domain to host it under," Hypponen told SCMagazineUS.com. "You need a registrar willing to ignore the complaints [from users]."
Tsastsin's conviction came to light in a Sept. 8 blog post by Washington Post writer Brian Krebs in his Security Fix column.
ICANN said it will work to avoid any issues that may result during the domain transfer process.
"It was the favorite registrar for the [cybercriminal] underground," Hypponen said. "Now, they'll have to find another one."
It is unlikely one entity will take over all the domain names, Hypponen said. Instead, they likely will be scattered across a number of registrars.
The challenge for legitimate registrars will be determining the "needles from the haystacks," he said, drawing that analogy to the malicious sites that EstDomains had certified.
Requests for comment to EstDomains were unsuccessful. An EstDomains' answering machine did not allow messages to be left and emails sent to two addresses on its website bounced back.