Wednesday, October 29, 2008

Phishing Registrar Accounts - ENOM is First Target

Criminals are now looking to use established domain names via phishing targeted at domain registrars. This is possibly related to ICANN finally moving to stop the black hat registrars of the world.

According to the first report on the matter, sent yesterday to the Registrar Operations (reg-ops) mailing list, the attacks seem to be run by a gang of child pornography spammers. The domain names in the .biz TLD all use fast-flux technology to make the attack more difficult to mitigate.

Ironically, the spam email's subject line claims that the user's domain has "Inaccurate whois information".

Until ENOM and other registrars get their anti-phishing services in place, I believe it is the job of the Internet security operations community to help them out by taking down these attacks.

The Registrar Operations group (reg-ops) will be watching for these and mitigating them as fast as possible, in close cooperation with the registrars and the security community.

Gadi Evron,

