In its 2017 Threat Intelligence Index, the IBM X-Force Threat Intelligence team revealed that spam levels increased, delivering innumerable fresh malware-laced attachments carrying ransomware and banking Trojans. Networkworld.com posted this on March 13, 2017.
Newer gTLDs such as .click, .top and .xyz now account for 5, 4 and 3 percent of spam emails respectively, and, when combined, the top 20 new gTLDs accounted for nearly 22 percent of usage in spam emails in 2016.
Older gTLDs still account for 35 percent of spam emails.
More than six million domains have been registered using .xyz, with only half providing WhoIs information on their registrants, which, according to IBM, is an indicator of “potentially dubious use of the domain”.
More than 35 percent of the URLs found in spam sent in 2016 (Figure 1) used traditional, generic top-level domains (gTLD) .com and .info. Surprisingly, over 20 percent of the URLs used the .ru country code top-level domain (ccTLD), helped mainly by the large number of spam emails containing the .ru ccTLD.
Even the lesser known domains are already well-established in spammers’ business model. Of the top 20 TLDs used in spam emails, X-Force observed seven new gTLDs in the top 10 ranks of the overall list: .click, .top, .xyz, .link, .club, .space and .site.
These new, generic top-level domains provide two advantages to spammers:
- They allow spammers to vary their domain URLs and thus bypass spam filters.
- Some new gTLDs can cost as little as $1 to register, making them more lucrative to spammers who can automate the registration of hundreds of domains a day.
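
For defenders, the TLD breakdown above can be reproduced on a local spam corpus and used as one scoring input. The following is an added example, not code from the IBM report or the article; the function names and sample messages are constructed for illustration, and the gTLD set is the seven new gTLDs listed above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# The seven new gTLDs the article lists in the top 10 spam TLDs.
NEW_GTLDS = {"click", "top", "xyz", "link", "club", "space", "site"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def url_tlds(body):
    """Return the TLD of every http(s) URL host found in a message body."""
    tlds = []
    for url in URL_RE.findall(body):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:  # malformed authority, e.g. broken IPv6 brackets
            continue
        # Single-label hosts and IPv4 literals have no TLD to report.
        if "." not in host or host.replace(".", "").isdigit():
            continue
        tlds.append(host.rsplit(".", 1)[1].lower())
    return tlds

def tld_share(bodies):
    """Percentage of URLs per TLD across a corpus of message bodies."""
    counts = Counter(t for b in bodies for t in url_tlds(b))
    total = sum(counts.values())
    return {t: round(100 * n / total, 1) for t, n in counts.items()} if total else {}

def new_gtld_hits(body):
    """New gTLDs linked from one message: a scoring signal, not a verdict,
    since legitimate senders also use these TLDs."""
    return sorted(set(url_tlds(body)) & NEW_GTLDS)

# Constructed sample messages; all hosts are made up.
SAMPLES = [
    "Invoice attached, view at http://pay-now.example-a.click/inv?id=1",
    "Your parcel: https://track.example-b.top/p and http://example-c.xyz/x",
    "Meeting notes https://intranet.example.com/notes",
    "Win now http://192.0.2.10/promo http://EXAMPLE-D.XYZ./go",
]

if __name__ == "__main__":
    print(tld_share(SAMPLES))
    for msg in SAMPLES:
        print(new_gtld_hits(msg), "<-", msg)
```

Because spammers rotate domains within a cheap TLD, the per-TLD share stays stable even when per-domain blocklists miss every individual host.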