Trends in Networks: Spam #2

In last week’s article we covered Freenom domains and how they are used in Digital Ocean snowshoe spam campaigns. Let’s see what kind of activity has been coming from Digital Ocean over the past week. While not a Freenom TLD, this time we’ve also included .xyz domains in the data set for those researchers who have expressed interest.

Daily counts observed from Digital Ocean, Aug 14 to Aug 20 (the labels for each count did not survive extraction; only the dates and per-source counts remain):

Aug 14: x2, x2, x1
Aug 15: x1, x2
Aug 17: x1, x5, x1, x10, x28, x1
Aug 18: x11, x11, x2, x14, x2, x1, x2, x2, x2
Aug 19: x1, x3
Aug 20: x2, x36, x5

So, what more can be said about this activity other than it is garbage, easily preventable, and (disappointingly) not being dealt with? Let’s dig deeper and check out what kind of spam is being sent.


The case shown above is a purely malicious email: it pretends to come from an interested buyer and tries to get you to download and execute the attached file. That attachment is identified as the malware ‘AgentTesla’, a keylogger and RAT (Remote Access Trojan) capable of exfiltrating data into the hands of a bad actor.

You might think it is quite obviously spam, and that you’d never fall for it. However, sometimes that is the point. Spammers find success targeting the most gullible people, the ‘low hanging fruit’ if you will. It’s frustrating that large providers allow their networks to be abused like this, with no repercussions to their lack of action.

To whom does the onus belong when malicious activity occurs? Should the end users, the victims this spam targets, simply educate themselves and purchase better anti-spam and anti-malware tools? Should we wait for the spammers to discover the error of their ways and turn over a new leaf? Or should the network providers, the ones that can most easily detect and deal with the problem, be held responsible for their non-efforts when it comes to cleaning up the obvious abuse of their services?

Sure, reporting to abuse contacts is good when it works, but too much of the time it results in ‘bandage’ fixes rather than systematic changes that prevent future abuse. As mentioned, we’ve been seeing this pattern for years, and it isn’t stopping. Malware, phishing, and spammy marketing continue to pour out of this network.
