The Latest in IT Security

Rise of .in URLs in Spam

15
May
2012

Symantec has observed an increase in spam messages containing URLs using the country code top-level domain (ccTLD) for India. This chart shows percentage of spam containing .in URLs:

While there were few daily spikes last year, clearly there has been more activity in the last two months.

Looking back at last year, the ccTLD for India (.in) ranked tenth on our TLD distribution list:

Rank TLD % of URL Spam
1 .com 58.89%
2 .ru 9.16%
3 .info 8.57%
4 .net 6.10%
5 .org 3.39%
6 .br 2.56%
7 .ua 2.10%
8 dotted quad 0.69%
9 .uk 0.59%
10 .in 0.50%

However, the .in ccTLD jumps to the fifth spot when looking at the last month (while the percentage more than quadruples):

Rank TLD % of URL Spam
1 .com 68.47%
2 .ru 7.13%
3 .net 5.45%
4 .br 3.20%
5 .in 2.34%

Examining messages found in the Global Intelligence Network, Symantec researchers have found that the vast majority of spam messages containing .in URLs is hit & run spam. Back in March of this year Symantec noted an increase in hit & run spam and .in URLs appear to be associated with it.

Here are top ten subject lines from .in URL spam over the last five days:

Subject: Avoid Retail Markup
Subject: What Retailers Don't Want You to Know
Subject: Visitors Pass
Subject: Visitors Pass Alert
Subject: 4 foods that KILL fat and 7 food chemicals that CAUSE it
Subject: Visitors Pass Notification
Subject: Warning- You may not be protected by Norton. Update Now.
Subject: Health coverage with or without pre-existing conditions.
Subject: Special 2012 Savings - Eliminate entire phone bill
Subject: DirectBuy Visitors Pass Notification

Please note the use of the Norton brand above is unauthorized and that message is not from Symantec. Rather than providing antivirus software updates, as the message claims, these messages instead often deliver various malware to users.

Symantec will continue to monitor this trend and create additional filters to target these attacks. In addition, Symantec also advises enterprises and consumers to adopt the best practices found in the Symantec Intelligence Report.

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments