.Mobi Spam

Fight back! So don't expect to find lame "fake login screens" or similar stuff here.
Post Reply
User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
18
Location: Michigan USA
Contact:
Contact DNR

.Mobi Spam

Post by DNR »

New Domain, Old Spam - .mobi sites

The new .mobi domain is being used by spammers. .mobi is the domain intended for sites to be viewed on mobile devices. The .mobi sites are primarily selling replicas (e.g. fake Rolexes). What is most interesting is that the spammers are creating tens of thousands of sub-domains to increase the randomization of the spam messages to try to prevent their messages from being blocked by anti-spam engines. .mobi Spam Sample
Of the more than 30,000 .mobi sub-domains used during one outbreak, most of the ads were from these three domains: .maloocafe.mobi, .wantbigger.mobi, and .bigisgood.mobi. All three of these .mobi sites led to a sexual enhancement supplement.
Because the spammers want users to view their sites on regular computers and not mobile devices, these .mobi URLs redirect to a standard web site.
DNR- Now, because it links to a URL to a regular webserver, the link leads to a standard drive-by attack (just visiting the link can upload hostile script) or intice you to dl hostile wares.

http://digitalnomad.suck-o.net/DNR/red/spambot.pdf

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Top
User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
19
Location: In your eye floaters.
Contact:
Contact bad_brain

Post by bad_brain »

.mobi TLDs will go the same way as the .biz ones....the spammers registered that much domains that the TLD will have a bad name in general and will not be usable anymore for people that want to make legitimate business...
:roll:
Top
Post Reply

Return to “Phishing/Spam”