Domain name holders hit with personalized, malware-laden suspension notices

A clever new email spam campaign has been spotted targeting domain name holders, trying to trick them into downloading malware on their systems.

The emails take the form of a domain suspension notice, ostensibly sent by the registrar. Here is one example impersonating the Australian registrar Melbourne IT:

The email is likely to fool some recipients, as it contains the valid domain registration and the recipient’s full name, which the attackers must have harvested online, via the whois query. The sender’s email address is also spoofed to make it look like the sender is the domain registrar.

Those who get fooled and download and execute the file linked in the email will get saddled with malware – most likely a Trojan downloader, which will then proceed to download additional malware.

Melbourne IT’s team says that the malicious email campaign is impersonating a number of registrars, not just them.

California-based registrar and web host Dynadot has already warned its customers about these emails. Domainsatcost.ca and Google Domains customers have also been targeted.

Users are advised to delete these emails without downloading the fake complaint and, if they want to check whether everything’s good with their domain, to contact their registrar by using contact information provided on the company’s official website.