Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Increased usage of unregistered spam domains

Consider a spam email that promotes an online casino site. URL check and filtering systems that block access to such sites usually run a few checks before adding the URL to the “spam” category. One of these checks is that the URL is registered. Once this is known the date of registration can be checked – bad sites usually have registrations that are only several hours old and this is then an important indicator of the reputation of a site.

But what if the site is not registered (as in the spam example shown above)? Many URL reputation systems will not blacklist such a site and will not be able to pursue any further reputation checks (such as the date of registration). This loophole allows spammers to send out emails linking to unregistered URLs – and then register them an hour or so after the outbreak in order to prevent the URLs from being blocked.

Although this trick has been used in the past, the previous 2 weeks have seen extensive usage made with outbreaks of several hundred million emails and many thousands of unregistered URLs. Of course a recipient who actually clicks on the link in the first hour or so will not reach the destination – but the spammers seem to think that this is worth the reduced blockage.

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...