14 October, 2006

Spamming the whois database

Every once in a while, someone reports that Whois gives back strange results for queries like msn.com:
MSN.COM.TW
MSN.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
MSN.COM

Then speculations arise about possible MSN or DNS or Whois hacks. However, this is only the result of a not-so-thorough Whois implementation.

The Whois database is the place for recording information about TLDs (top level domains). Generally the records consist of the name and contact of the owner, the registrar, the registration/modification/expiration dates and the name servers of the domain.

Now, let's say I register example.com, and I decide to set up some subdomains. So I have www.example.com, this.is.an.example.com and msn.com.hacked.as.an.example.com. As they are valid host names, I could use them as name servers, and even report them to the whois database as such. Then a whois search for msn.com would turn up my name server's address, because whois uses only simple text matching.
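To see where the extra lines come from, here is a small added simulation (not code from the original post) of a whois index that matches the query text against both registered domains and name-server host names, and a stricter lookup that only matches the registered domain itself. The registry contents, and the use of prefix matching to stand in for the "simple text matching" described above, are constructed assumptions for this example.

```python
"""Toy model of whois text matching. The registry below is constructed
for this example and is not real whois data."""
from dataclasses import dataclass, field


@dataclass
class Record:
    domain: str
    registrar: str
    name_servers: list = field(default_factory=list)


# Constructed registry: one ordinary entry, a look-alike domain, and a
# domain whose owner registered a long host name as a name server.
REGISTRY = [
    Record("MSN.COM", "Registrar A (constructed)",
           ["NS1.MSN.COM", "NS2.MSN.COM"]),
    Record("MSN.COM.TW", "Registrar B (constructed)", ["NS.EXAMPLE.TW"]),
    Record("EXAMPLE.COM", "Registrar C (constructed)",
           ["MSN.COM.HACKED.AS.AN.EXAMPLE.COM", "WWW.EXAMPLE.COM"]),
]


def naive_lookup(query):
    """Text matching over two tables: every registered domain AND every
    name-server host name that starts with the query is reported, so a
    name server called MSN.COM.<anything> shows up beside MSN.COM.
    Returns (name, origin) pairs so the reader can see where each hit
    came from."""
    q = query.upper()
    hits = {}
    for rec in REGISTRY:
        if rec.domain.startswith(q):
            hits[rec.domain] = "domain"
        for ns in rec.name_servers:
            if ns.startswith(q):
                # A name-server hit is attributed to the domain that
                # registered it, not to the domain it resembles.
                hits.setdefault(ns, "name server of " + rec.domain)
    return sorted(hits.items())


def exact_lookup(query):
    """Match the registered domain name only, exactly (case-insensitive).
    Name-server host names are never consulted, so the junk disappears."""
    q = query.upper()
    return [rec for rec in REGISTRY if rec.domain == q]
```

Running naive_lookup("msn.com") reproduces the three-line result shown above, with the odd entry labelled as a name server of EXAMPLE.COM rather than a registration of its own.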

See also:
Wikipedia entry on whois
RFC 3912, the current Whois protocol specification