It looks like another DNS compromise hack happening

I saw a fairly short-lived, reasonably low volume, malspam campaign earlier this morning that looks like it comes via Necurs Botnet and is somehow using a “new” compromise or security hole in the DNS system. These appear to be targeted at UK only and as far as I can tell ONLY a UK IP number will get a redirect to the scumware site. Other users don’t, at this time get anything. So far today the eventual target site has been https://appteslerapp.com/ which is pushing a very high risk stock trading scheme. Beware: the only people who get rich on these Continue reading →