Phishers Use Wildcard DNS to Build Convincing Bait URLs
Andrew Robinson   
Monday, 07 March 2005
Phishing operations have begun using DNS wildcards and URL encoding to create email links that display the URLs of legitimate banking sites, but send victims to spoof sites designed to steal their login details.

A wildcard DNS record (*.example.com) resolves any request for a name under the domain that is not matched by another record. Wildcards are typically used to manage errant or mistyped e-mail addresses, but have been routinely abused by spammers.

In recent weeks wildcard DNS settings have been used in a wave of phishing attacks on Barclays Bank, in which the "bait" email included URLs starting with barclays.co.uk, followed by a lengthy sequence of letters and symbols. Several examples:

http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/
http://barclays.co.uk|YJ3EMOHOqljQ8J5oW2ZKyTaRMQOahSWaxTrFTEQK9l9VVQj6jDtyq10d24r2h0bijh2
http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/

The phishers use a wildcard DNS setting at a third-party redirection service (kickme.to) to construct the URLs. Because the wildcard resolves any hostname under the service's domain, the URL can begin with "barclays.co.uk," and the portion that follows is encoded to obscure the actual destination domain.
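The check a mail filter or analyst can apply to links like these, as an added example that is not part of the original article: percent-decode the host, then compare the domain the link really resolves under with the brand name it displays. The function names, the BRANDS set and the short suffix list are assumptions made for illustration; the two sample URLs are the complete ones quoted above.

```python
import re
from urllib.parse import unquote

# Assumptions for this example: one watched brand and a tiny stand-in
# for the Public Suffix List (a real filter would load the full list).
BRANDS = {"barclays.co.uk"}
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk"}

# The two complete bait URLs quoted in the article.
SAMPLES = [
    "http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/",
    "http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/",
]

def real_host(url):
    """Return the percent-decoded, lower-cased host of an http(s) URL."""
    m = re.match(r"(?i)^https?://([^/?#]*)", url)
    if not m:
        raise ValueError("not an http(s) URL")
    host = m.group(1).rsplit("@", 1)[-1]   # drop any userinfo
    host = host.split(":", 1)[0]           # drop any port
    return unquote(host).lower().rstrip(".")

def registrable_domain(host):
    """Domain the host is registered under (last 2 or 3 labels)."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def check_link(url):
    """Report the real domain and whether a watched brand is only decoration."""
    host = real_host(url)
    reg = registrable_domain(host)
    spoofs = next((b for b in BRANDS if b in host and reg != b), None)
    # Characters outside letters, digits, hyphen and dot (such as "|")
    # are not valid in a hostname, so their presence is itself a signal.
    odd_chars = bool(re.search(r"[^a-z0-9.-]", host))
    return {"host": host, "registrable": reg,
            "spoofs": spoofs, "odd_chars": odd_chars}

if __name__ == "__main__":
    for u in SAMPLES + ["http://www.barclays.co.uk/"]:  # last URL is constructed
        print(check_link(u))
```

Both bait links report a registrable domain ending in .at rather than barclays.co.uk, while the constructed legitimate link reports no spoof.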

Full article, more information and fraud site screengrabs available at Netcraft.com

   2004-2006, Spamfo.co.uk. Hosted by Ixis  