Recently, Symantec has observed an increase in .eu domains contained within pharmacy and dating spam messages. The spam emails observed so far are predominantly in the German language. The specific patterns and characteristics demonstrate that the attacks employ a "hit-and-run" technique.
In "hit-and-run" attacks, spammers quickly rotate through the IP addresses and domains that are being used. Unlike 80% of spam attacks, these messages are not sent from botnets of compromised computers, but from mail server IP addresses with a previously unknown reputation.
Recent data obtained from the Symantec Global Intelligence network shows that the number of spam emails that contain .eu domains increased slightly in the first and third week of June. Furthermore, the number of spam emails containing .eu domains written in the German language increased considerably in the last week of June.