A rise in hit-and-run spam attacks, also known as “snowshoe” spam attacks, has been detected by researchers at Symantec.
Using the Symantec Global Intelligence Network, experts noticed the increase on Thursday, coming specifically from .club domains.
In snowshoe spamming, miscreants use multiple IP addresses and generic top-level domains (gTLD) – in this case .club – to perform the attacks and thwart detection by spam filters. The Internet Corporation for Assigned Names and Numbers (ICANN) released a list of gTLDs, which are internet domain name extensions with three or more characters, earlier this year and .club was included.
Some of the “From” header lines in the spam messages include “CarClearanceLot,” “CarSavingsEvents,” and “PriceNewCar.”
According to a recent blog post, researchers at Symantec are working “with the administrators of the .club gTLD” to “shut down any spam domains” within its zone.