There is an increase in the amount of hit-and-run spam attacks, researchers said.
Using the Symantec Global Intelligence Network, researchers noticed the increase in these “snowshoe” spam attacks Thursday coming from .club domains.
In snowshoe spamming, attackers use multiple IP addresses and generic top-level domains (gTLD) – in this case .club – to perform the attacks and thwart detection by spam filters. The Internet Corporation for Assigned Names and Numbers (ICANN) released a list of gTLDs, which are Internet domain name extensions with three or more characters, earlier this year and .club was one of them.
Some of the “From” header lines in the spam messages include “CarClearanceLot,” “CarSavingsEvents,” and “PriceNewCar.”
Symantec said in a blog post they are working “with the administrators of the .club gTLD” to “shut down any spam domains” within its zone.