.mobi Replica Sites Replicate

In case you don’t understand the cryptic headline, I’ll explain: part of our work in detecting and blocking spam is collecting information about spam sites that spammers try to drive users to visit. This web-related data that we gather from analyzing billions of messages each day will actually form a big piece of Commtouch’s next product offering early next year, in web security.

In the last few weeks, our detection center noticed a new domain ending being used, besides the usual spammer domains (.biz, .info), and that is .mobi, the domain that is intended for use only for sites that are viewed on mobile devices. The sites are primarily selling replicas (fake rolexes etc.), and what is interesting is that the spammers are not taking any chances, and creating upwards of 10,000 (!) sub-domains, in order to increase the randomization of the spam messages, to try to prevent their messages from being blocked by anti-spam engines.

Of course, since the spammers want users to view their sites on regular computers, and not mobile devices, these creative .mobi URLs redirect to a standard web site. It’s not a huge trend yet, but it appears one or more spammers has latched onto this technique, so keep an eye out for broader deployments.