The new generic top-level domain (gTLD) registration program, launched in January 2014 and intended for use by relevant communities and organizations, has proved irresistible to spammers, according to Kaspersky Lab. For cybercriminals, the new domains represent an excellent tool for promoting unwanted or illegitimate advertising campaigns.
Additionally, spam traffic in Q1 of 2015 included a large number of mass mailings with Microsoft Word or Excel attachments containing macro viruses. Fraudsters tried to lure users into opening the malicious files by disguising them as various documents, including financial ones. The fake messages often imitated notifications from well-known organizations and services.
Spam and phishing statistics:
- The proportion of spam in email traffic was 59.2 percent, which is 6 percent lower than in the previous quarter.
- The USA retained its position as the biggest source of spam, sending 14.5 percent of unwanted mail.
- Kaspersky Lab products recorded 50,077,057 instances that triggered the “Antiphishing” system. This was 1 million more than in the previous quarter.
- Phishing against customers of financial organizations accounted for 37.06 percent of all registered incidents.
- Insurance was one of the most popular themes for spam using the new domains both in terms of the number of messages and the number of changing domains seen in mass mailings.
New domain scams
The gTLD registration program gives organizations the opportunity to choose a domain zone that is consistent with their activities and the theme of their sites. For example, job websites can now use a .work domain and scientific websites could choose a .science domain. The business opportunities provided by the new gTLD program were enthusiastically endorsed by the Internet community and the active registration of new domain names is ongoing.
Spammers and cybercriminals have also been quick to react to the trend. As a result of their activities, new domain zones almost immediately became an arena for large-scale distribution of advertising spam, phishing and malicious emails. According to Kaspersky Lab’s email traffic observations, there was a considerable increase in the number of new domains that sent out spam content in Q1 of 2015.
In general there wasn’t much connection between the theme of the spam and the domain name, but in some cases there was a clear logical connection between them. For example, emails sent from the .work domains contained offers to carry out various types of work, including household maintenance, construction or equipment installation. Additionally, many of the messages from the .science domains advertised schools that offer distance learning and colleges that train nurses, criminal lawyers and other professionals.
“When looking at Q1 in general and the type of spam on the new domains, insurance was one of the hottest topics in terms of the number of messages and the number of changing domains in mass mailings. This covers all types of insurance – life, health, property, cars, animals, and funeral insurance,” said Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.