Spamhaus, a non-profit organization that researches spam circulation on the internet, has released a report on botnet operator activity (the major source of spam messages) in the second quarter of 2020. Unfortunately, according to Online Domain, the pandemic was no obstacle to botnets as between April and June 2020, 77 percent more botnet command servers were exposed than during the same period in 2019. Obviously, .COM is the most common target among gTLDs showing the highest figures across all indicators due to its absolute leadership in the domain market.
The second and third most abused domain zones are .TOP (a new gTLD) and the country-code top level domain of Equatorial Guinea .GQ. Both show meteoric growth in spam activity. Compared to the first quarter, 530 percent more botnet command servers were identified in .TOP and 316 percent more in .GQ. It is noteworthy that Germany’s ccTLD .DE made it to the Top 20 of the most popular domain zones among botnet operators – debuting in eighth place. The improvement in Palau’s ccTLD .PW is one of the recently recorded positive aspects: while in the first quarter it was listed as the third most abused domain zone, the number of botnet command servers decreased 91 percent in the second quarter allowing .PW to drop to 20th place in the ranking.
As for registrars whose services are most frequently used by botnet operators, US company Namecheap has been an unfortunate leader for quite some time now. It is followed by two other American registrars, Enom and NameSilo. Although they seem to have found a serious ‘competitor’ in Alibaba (China). In the second quarter, Alibaba showed a record surge (202 percent) in the number of registered domains that were later used for botnet command servers, climbing from 11th to 4th place on the list.