As the Chinese New Year (Spring Festival) continues to be celebrated around the world, a recent increase in the abuse of the .cn (China) country code top-level domain (ccTLD) has been observed in spam messages. A top-level domain (TLD) is the part of a domain name that follows its final “dot”. A ccTLD is a top-level domain generally reserved for or used by a country or dependent territory. As noted in the January 2009 Symantec State of Spam Report, approximately 90 percent of all spam messages today contain some kind of URL. In January 2009, an average of 32.5 percent of the URLs observed had a .cn ccTLD, compared to an average of 57 percent of URLs that had a .com TLD.
Spammers often rotate domains and TLDs in their spam messages, likely because they believe this tactic lets them circumvent some anti-spam filters that depend on pattern matching to block the spam message. The URLs with a .cn ccTLD observed recently have often tried to direct recipients to “offers” of pharmaceutical products.
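The following is an added example, not code from the Symantec report. It tallies TLD share across URLs in message bodies and shows how an exact-hostname blocklist, used here as an assumed stand-in for a pattern-matching filter, misses rotated hosts. The message bodies and hostnames are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample bodies; every hostname here is made up for this example.
MESSAGES = [
    "Cheap meds http://rx-one.example.cn/offer now",
    "Cheap meds http://RX-TWO.EXAMPLE.CN:8080/offer.",
    "Visit http://user@rx-three.example.com/buy and http://192.0.2.7/buy",
    "Deals: http://rx-four.example.com./x",
]

def hosts_in(body):
    """Normalized hostnames of every URL found in a message body."""
    hosts = []
    for raw in URL_RE.findall(body):
        try:
            # .hostname drops userinfo and port and lowercases the name
            host = urlsplit(raw.rstrip(".,;)")).hostname
        except ValueError:  # e.g. a malformed bracketed IPv6 literal
            continue
        if host:
            hosts.append(host.rstrip("."))  # "example.cn." is the same name
    return hosts

def tld_of(host):
    """Label after the final dot, or None for IP literals and bare names."""
    if ":" in host or re.fullmatch(r"[0-9.]+", host) or "." not in host:
        return None
    return host.rsplit(".", 1)[1]

def tld_share(messages):
    """Percentage of URLs per TLD, over URLs that have a TLD at all."""
    counts = Counter(t for m in messages for h in hosts_in(m) if (t := tld_of(h)))
    total = sum(counts.values())
    return {t: round(100 * n / total, 1) for t, n in counts.items()}

def missed_by_exact_hosts(messages, blocklist):
    """Messages that carry URLs, none of whose hosts are on the blocklist."""
    return [m for m in messages if (h := hosts_in(m)) and not set(h) & blocklist]

if __name__ == "__main__":
    print(tld_share(MESSAGES))
    # A list built from the first message alone misses the rotated hosts.
    print(len(missed_by_exact_hosts(MESSAGES, {"rx-one.example.cn"})))
```

The TLD tally stays stable while individual hostnames change, which is why it is a useful aggregate signal alongside per-host matching.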
The Ox is thought to be the sign of prosperity through fortitude and hard work. As the New Year begins, let’s work together to take action and minimize the impact of these individuals and networks who send spam messages.