DNR- Now, because it links to a URL to a regular webserver, the link leads to a standard drive-by attack (just visiting the link can upload hostile script) or intice you to dl hostile wares.New Domain, Old Spam - .mobi sites
The new .mobi domain is being used by spammers. .mobi is the domain intended for sites to be viewed on mobile devices. The .mobi sites are primarily selling replicas (e.g. fake Rolexes). What is most interesting is that the spammers are creating tens of thousands of sub-domains to increase the randomization of the spam messages to try to prevent their messages from being blocked by anti-spam engines. .mobi Spam Sample
Of the more than 30,000 .mobi sub-domains used during one outbreak, most of the ads were from these three domains: .maloocafe.mobi, .wantbigger.mobi, and .bigisgood.mobi. All three of these .mobi sites led to a sexual enhancement supplement.
Because the spammers want users to view their sites on regular computers and not mobile devices, these .mobi URLs redirect to a standard web site.
http://digitalnomad.suck-o.net/DNR/red/spambot.pdf
DNR