Application security, Incident Response, TDR

Researchers detect spike in “snowshoe” spam attacks using .club gTLD

A rise in hit-and-run spam attacks, also known as “snowshoe” spam attacks, has been detected by researchers at Symantec.

Using the Symantec Global Intelligence Network, experts noticed the increase on Thursday, coming specifically from .club domains.

In snowshoe spamming, miscreants use multiple IP addresses and generic top-level domains (gTLD) – in this case .club – to perform the attacks and thwart detection by spam filters. The Internet Corporation for Assigned Names and Numbers (ICANN) released a list of gTLDs, which are internet domain name extensions with three or more characters, earlier this year and .club was included.

Some of the “From” header lines in the spam messages include “CarClearanceLot,” “CarSavingsEvents,” and “PriceNewCar.”

According to a recent blog post, researchers at Symantec are working “with the administrators of the .club gTLD” to “shut down any spam domains” within its zone.

Related

GitHub search exploited for malware distribution

Malware-laced GitHub repositories using popular names and topics are being advanced by threat actors through automated updates and fraudulent stars meant to manipulate the leading software developer platform's search rankings as part of a new open-source supply chain attack, The Hacker News reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.