Subdomains belonging to GoDaddy customers were used by spammers to sell bogus products, including weight-loss cures, brain boosters and CBD oil, according to a report by security firm Palo Alto Networks.
GoDaddy last month took down 15,000 compromised subdomains belonging to several hundred customers following a lengthy probe by Palo Alto Networks’ Unit 42 researcher Jeff White.
The attackers probably accessed the subdomains through credential stuffing and phishing scams that tricked users into revealing their passwords, White reports.
The result was a wave of spam emails containing short links to websites promoting the useless products with endorsements by such well-known people as Stephen Hawking, Jennifer Lopez and Gwen Stefani.
These were part of a "massive campaign in which affiliate marketers used spam to push victims to sites where they were sometimes tricked into unknowingly signing up for expensive subscriptions for goods."
White noticed a similarity in templates used by websites selling different questionable goods.
GoDaddy reviewed White’s findings and shut down the subdomains.
Palo Alto Networks urges subdomain owners to secure their accounts with unique, strong passwords and two-factor authentication, and advises consumers to be wary of online scams, particularly when marketed by email or online ads.
As part of his initial probe into scam sites, White found one that said: “Stephen Hawking Predicts, ‘This Pill Will Change Humanity.’”
Another proclaimed: “Gwen Stefani Shares Blake Shelton’s Secret To Rapid Weight Loss.”
When these schemes faded out, they were replaced by ones like this: “Why Every Judge On Shark Tank Backed This Product From Milpitas.”
"On a scale of 1 to 10 for the 'Worst Types of Spam' you can receive, approaching that perfect 10 score is spam related to 'snake oil' products that are so patently fake that you struggle to understand why they would even bother trying to sell it," White writes.
Ray, thanks for the story. However, this is not the worst case of domain name selling to the bad guys. There is a massive attack by a domain seller out of AZ that is not GoDaddy that has sold over a thousand domains. These are cheap domains that use .info, .site and other extensions. The bad guys even have a Russian connection and the privacy is through an attorney in a third country. On the domains, the bad guys create totally fake multiple content pages then interconnect the domains with URL links. The way they have this set up, the 1000 domains turn into maybe 100,000 or more bad links on the net. By doing so, the bad guys don't need to hijack domains because it's cheaper to buy the names. If there is a worse side, it is that the search engine companies know about this but refuse to address the problem. Meanwhile, the bad guys are gunning for certain online companies like my own.