Researchers detect spike in “snowshoe” spam attacks using .club gTLD

A rise in hit-and-run spam attacks, also known as “snowshoe” spam attacks, has been detected by researchers at Symantec.

Using the Symantec Global Intelligence Network, experts noticed on Thursday that the increase was coming specifically from .club domains.

In snowshoe spamming, miscreants spread their messages across multiple IP addresses and domains under generic top-level domains (gTLDs) – in this case .club – to perform the attacks and thwart detection by spam filters. Earlier this year, the Internet Corporation for Assigned Names and Numbers (ICANN) released a list of gTLDs, which are internet domain name extensions with three or more characters, and .club was included.

Some of the “From” header lines in the spam messages include “CarClearanceLot,” “CarSavingsEvents,” and “PriceNewCar.”
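One way a mail administrator could look for this pattern in their own logs, as an added example that is not from Symantec or the original article: group messages by sender TLD and flag a TLD whose traffic is spread thinly across many IP addresses and domains. The record layout, thresholds, IP addresses and domain names are constructed assumptions; only the three “From” names come from the article.

```python
from collections import Counter, defaultdict

# Constructed sample: (sender IP, sender domain, From display name).
# IPs use documentation ranges; domains are made up for illustration.
NAMES = ["CarClearanceLot", "CarSavingsEvents", "PriceNewCar"]
SAMPLE = [(f"198.51.100.{i}", f"offer{i}.club", NAMES[i % 3])
          for i in range(1, 9) for _ in range(2)]          # thin spread
SAMPLE += [("192.0.2.25", "news.example.com", "Example Newsletter")] * 12
SAMPLE += [("203.0.113.7", "mail.example.org", "Alice"),
           ("203.0.113.8", "mail.example.org", "Bob")]


def tld_profile(records):
    """Collect per-TLD counters of sender IPs, domains and From names."""
    per_tld = defaultdict(
        lambda: {"ips": Counter(), "domains": set(), "names": Counter()})
    for ip, domain, name in records:
        tld = domain.rsplit(".", 1)[-1].lower()
        entry = per_tld[tld]
        entry["ips"][ip] += 1
        entry["domains"].add(domain.lower())
        entry["names"][name] += 1
    return per_tld


def find_snowshoe(records, min_ips=5, min_domains=5, max_ip_share=0.25):
    """Flag TLDs with many IPs and domains where no single IP dominates.

    Thresholds are illustrative assumptions, not values from the article.
    """
    flagged = {}
    for tld, e in tld_profile(records).items():
        total = sum(e["ips"].values())
        top_share = max(e["ips"].values()) / total
        if (len(e["ips"]) >= min_ips and len(e["domains"]) >= min_domains
                and top_share <= max_ip_share):
            flagged[tld] = {"messages": total, "ips": len(e["ips"]),
                            "domains": len(e["domains"]),
                            "top_ip_share": round(top_share, 3),
                            "from_names": sorted(e["names"])}
    return flagged


if __name__ == "__main__":
    for tld, stats in find_snowshoe(SAMPLE).items():
        print(f".{tld}: {stats}")
```

A per-IP rate limit alone would miss the .club traffic in this sample, since each address sends only two messages; the aggregate view per TLD is what exposes it.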

According to a recent blog post, researchers at Symantec are working “with the administrators of the .club gTLD” to “shut down any spam domains” within its zone.
