DDoS threat spam targets domain owners

An interesting and not that often seen approach to make users part with their hard-earned cash has been spotted recently by Symantec.

In the email in question, the spammer professes to be a hacker with a network of computers at his disposal large enough to execute a DDoS attack on users’ websites, and requests the recipients to send him $200 to prevent his use of this network against their websites:

The “To” field contains the email address that is provided by the registrant in the contact details for the domain (which can be discovered using a simple whois lookup), and the “Subject” header says “Hosting – Important Updates and Information” – making it look like the email is coming from the hosting service provider.

Symantec says the spelling mistakes in the email are intentional, so that the massage can evade content-based antispam filters. But, in this case, they can also lend a certain amount of credibility to the sender, since the name of the “hack project” sounds Slavic in origin. Perfect knowledge of the English language would, in this case, probably raise more suspicion.