Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

New Arrival in Russian Spam - .РФ

Created: 09 Feb 2011 15:47:32 GMT • Updated: 23 Jan 2014 18:22:56 GMT • Translations available: 日本語
Samir_Patil's picture
0 0 Votes
Login to vote

The domain .РФ (.rf) is the internationalized domain name (IDN) for domains registered under the Russian Federation. The .rf top-level domain (TLD) became operational on May 13, 2010, and was officially opened up for public registration on November 11, 2010. The traditional country code top-level domain (ccTLD) for Russia is .ru. In recent times, we have been observing a considerable amount of spam emanating from the .ru TLD. With .rf domains becoming available for public use, spammers will now have a new lease of life.

Let's delve a little deeper into what TLD means to Russia. рф (Российская Федерация) is transliterated as “Rossiyskaya Federatsiya”, i.e. the Russian Federation. The domain has an ASCII representation of xn--p1ai, derived as punycode for use in the domain name system (DNS). It is intended for Internet resources such as websites with names in the Russian language using the Cyrillic alphabet. Which, in short, is a long awaited dream of the Russian Federation.

Below is a sample of spam using the .rf domain:

Translation:

Subject: Wanna drink beer? Easy!
Message: Delivery of beer and snacks. Error! Hyperlink reference not valid.

Usually, Russian attacks target victims using online marketing promotions with peculiar phone numbers and email addresses for future contact. The .ru domain is the second largest TLD used by spammers. With the anvil of .rf TLDs, we expect a rise in spam as it becomes popular among the Russian masses. Since the domain name is written in the Cyrillic character-set, we anticipate the spread of this new tactic in countries that use this character set, leading to region-specific spam.

Keeping its sentimental value in mind, it is not surprising to see people flocking to register such domains. One could easily guess the ripple effect it will have on spam! Don’t be surprised to see spammers hosting .rf spam domains, offering .rf domains at highly hyped prices, and unbelievable discount for domains that might not even exist! We at Symantec are keeping a close eye on this trend and will keep our readers updated.

Note: Thanks to Poonam Keluskar for contributions to this blog.