
New malspam campaign exploits DNS records to target victims

  • The spam campaign, which specifically targeted UK users, relied on DNS TXT records and redirected users to a fraudulent trading site.
  • IP addresses associated with the campaign are likely linked with the Necurs botnet.

A new malspam campaign targeting UK users has been spotted in the wild. MyOnlineSecurity.com, which came across a number of spam emails related to this campaign, found that the scammers relied on DNS records in their methods. The spam emails contain HTML attachments which, when clicked, redirect users to a fraudulent trading site.

Key highlights

  • The campaign specifically targets users in the UK. As stated by MyOnlineSecurity.com, the fraudulent site https://appteslerapp[.]com was reported to work only for users in the UK. Users outside the UK saw a blank page or a ‘loading’ page.
  • The spam emails used in the campaign came from IP addresses that were earlier used by the Necurs botnet.
  • The malicious HTML attachments contained a base64-encoded URL that calls a Google DNS service to look up a domain. Further analysis showed that it was a DNS TXT record that tells the HTML attachment to redirect users to the fraud site.
  • Domains used in the campaign resolve to a single domain hosted by a Ukrainian company called AS48031.
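
A defender-side check for the attachment technique described above, as an added example that is not from MyOnlineSecurity or the original article: it scans an HTML attachment for base64 strings that decode to a Google Public DNS JSON API URL and reports whether a TXT record is requested. The host names `dns.google` and `dns.google.com` are an assumption about which "Google DNS service" was called; the function name and the sample attachment are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlparse, parse_qs

# Hosts of Google Public DNS's JSON-over-HTTPS API (assumed to be the
# "Google DNS service" the article refers to).
DOH_HOSTS = {"dns.google", "dns.google.com"}
# Runs of base64 characters long enough to hold a URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
TXT_TYPES = {"txt", "16"}  # record type may be given by name or by number

# Constructed sample attachment (not taken from the campaign).
SAMPLE_URL = "https://dns.google.com/resolve?name=redirect.example&type=TXT"
SAMPLE_HTML = (
    "<html><body><script>var u = atob('"
    + base64.b64encode(SAMPLE_URL.encode()).decode()
    + "');</script></body></html>"
)


def find_encoded_txt_lookups(html: str) -> list[dict]:
    """Return DNS lookups hidden as base64-encoded URLs in an HTML attachment."""
    findings = []
    for run in B64_RUN.findall(html):
        body = run.rstrip("=")
        body += "=" * (-len(body) % 4)  # normalise padding before decoding
        try:
            decoded = base64.b64decode(body, validate=True).decode("utf-8").strip()
            url = urlparse(decoded)
            host = url.hostname
        except ValueError:
            continue  # not base64 text, not UTF-8, or not a parseable URL
        if url.scheme != "https" or host not in DOH_HOSTS:
            continue
        query = parse_qs(url.query)
        qtype = query.get("type", ["1"])[0].lower()  # the API defaults to A (1)
        findings.append({
            "url": decoded,
            "queried_name": query.get("name", [""])[0],
            "is_txt": qtype in TXT_TYPES,
        })
    return findings


if __name__ == "__main__":
    for hit in find_encoded_txt_lookups(SAMPLE_HTML):
        print(hit)
```

A hit with `is_txt` set is a strong signal for a mail gateway or sandbox, since a legitimate HTML attachment rarely needs to fetch TXT records through a public resolver's web API.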

Worth noting

MyOnlineSecurity also observed that the attackers extensively used domains ending with .icu.

“All the icu domains were recently registered over the last month or so using namecheap who have their usual less than $2 special offer sale, so making it extremely easy for the criminals to buy hundreds of the domains,” MyOnlineSecurity reported.
