Snowshoe spam attacks detected from .club domains

June 25, 2014

A significant increase in hit-and-run spam attacks (sometimes called snowshoe attacks) has been detected by the The Symantec Global Intelligence network.

Researchers from Symantec detected the attacks on 12 June as coming exclusively from .club domains. Earlier this year the Internet Corporation for Assigned Names and Numbers (ICANN) released a number of top level domains (also called GTLDs) with .club among them.

Over recent months, spammers have begun using the top level domains, with an emphasis on .club, to carry out hit-and-run spam attackers on individuals.

Characteristic of this type of attack is the ability to cycle through domains and IP addresses quickly. While doing so, it uses an unknown reputation to avoid detection. Due to the extremely quick nature of the attack, nothing can usually be done while it's underway.

As always, preventative measures are the best business option. Ethical hacking measures can be extremely useful, identifying potential points of entry before spammers have the option to launch an attack.

Symantec has advised users to be cautious when sharing email addresses and unexpected emails, as well as avoiding responding to spam emails.

"Symantec is in contact with the administrators of the .club gTLD and we will work together to shut down any spam domains within the .club zone," a researcher explained.

"We will continue to monitor this type of hit-and-run spam attack and create additional filters to protect our customers."

Leave a Reply

Your email address will not be published. Required fields are marked *