A new malspam campaign targeting UK users has been spotted in the wild. MyOnlineSecurity.com which came across a number of spam emails related to this campaign found that the scammers attempted on compromising DNS in their methods. The spam emails contain HTML attachments which upon clicking redirects users to a fraudulent trading site.
MyOnlineSecurity also observed that the attackers extensively used domains ending with .icu.
“All the icu domains were recently registered over the last month or so using namecheap who have their usual less than $2 special offer sale, so making it extremely easy for the criminals to buy hundreds of the domains,” MyOnlineSecurity reported.