New top-level domains used in spam

A new range of top-level domains, launched in January 2015 and intended for specific communities and organizations, turned out to be a tasty morsel for spammers - this is the result of Kaspersky Lab's analysis of spam and phishing landscape in the first quarter of 2015. For these cybercriminals, these new domains are a great tool to promote unwanted or illegal advertising campaigns.

Statistics on spam and phishing

  • The percentage of spam in e-mail traffic, according to data covering the first quarter of 2015, was 59.2% - which is a decrease by 6 percentage points compared to the previous quarter.
  • The United States maintained its position as the largest source of spam by sending 14.5% of unwanted messages.
  • Kaspersky Lab products registered 50,077,057 phishing attacks. It is 1 million more than in the previous quarter.
  • Phishing directed against clients of financial organizations accounted for 37.06% of all registered incidents.

Frauds that use new domains

The new top-level domain registration program (gTLD) allows organizations to choose a domain zone that is compatible with their business and the topic of their websites. For example, work-related pages can now use the .work domain, and science sites can be included in the .science domain. The business opportunities offered by the new gTLD program have been enthusiastically received by the internet community and we are currently observing the active registration of new domain names.

Newly spammers and cybercriminals also reacted to this new trend. As a result of their activity, new domain zones almost immediately became the arena for the distribution of advertising spam, phishing emails and malicious programs on a large scale.

The observation of e-mail traffic through Kaspersky Lab shows that in the first quarter of 2015 there was a significant increase in the number of new domains sending out spam content. Messages sent from .work domains usually contained offers for carrying out various types of work, including those related to the maintenance or construction of the house or installation of equipment. In contrast, many messages from .science domains advertised schools offering distance learning, training to prepare for the job of a nurse, criminal attorney and other professions.

In the first quarter, spam traffic also contained many e-mails sent from "colored" domains, such as .pink, .red or .black. These domains were often used to advertise Asian dating sites.

"The analysis of general data for the first quarter and information on the type of spam in new domains shows that insurance activity was one of the most popular topics in terms of the number of messages and the number of changing domains in mass mailings. This spam related to all types of insurance - life, health, property, vehicles, animals and funeral, "said Tatjana Szczerbakowa, a senior spam analyst, Kaspersky Lab.

The full report on spam and phishing operations in the first quarter of 2015 will be available soon in Polish on the service run by Kaspersky Lab.

source: Kaspersky Lab


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.