Hosting provider and domain registrar GoDaddy has disabled more than 15,000 subdomains that were used as part of a massive spam operation designed to attract users to pages selling fake products.
Users received an email with a product advertisement. If they clicked a link in the email, they ended up on one of the subdomains created under legitimate websites without the knowledge of their owners.
Among the products advertised through these subdomains were supplements to improve brain function, diet pills, hemp oil, and other dietary supplements.
The network of malicious subdomains was discovered about two years ago by Jeff White, a security researcher at Palo Alto Networks. Since then, White collected the emails sent by the fraudsters and indexed the URLs promoting fake products. After collecting enough data, he relayed this information to GoDaddy.
GoDaddy’s own investigation revealed that the scammers also carried out phishing attacks in order to gain access to the accounts of the company’s clients.
With access to those accounts, the attackers created subdomains on the GoDaddy clients' sites, used them to host pages advertising the products, and drove users to those pages with spam mailings.
According to GoDaddy, “several hundred” accounts were compromised in this way. For security reasons, passwords were reset on all of them, and affected users were notified of the incident.
According to the hosting provider, the “shadow” subdomains received millions of visits.