• by Ray Schultz , April 26, 2019

Subdomains belonging to GoDaddy customers were used by spammers to sell bogus products, including weight-loss cures, brain boosters and CBD oil, according to a report by security researcher Palo Alto Networks.

GoDaddy last month took down 15,000 compromised subdomains belonging to several hundred customers following a lengthy probe by Palo Alto Networks’ Unit 42 researcher Jeff White.  

The attackers probably accessed the subdomains through credential stuffing and phishing scams that tricked users into revealing their passwords, White reports.

The result was a wave of spam emails containing short links to websites promoting the useless products with endorsements by such well-known people as Stephen Hawking, Jennifer Lopez and Gwen Stefani.

These were part of a "massive campaign in which affiliate marketers used spam to push victims to sites where they were sometimes tricked into unknowingly signing up for expensive subscriptions for goods."

White noticed a similarity in templates used by websites selling different questionable goods.

GoDaddy reviewed White’s findings and shut down the subdomains.

Palo Alto Networks urges subdomain owners to secure their accounts with unique, strong passwords and two-factor authentication, and advises consumers to be wary of online scams, particularly when marketed by email or online ads.

As part of his initial probe into scam sites, White found one that said: “Stephen Hawking Predicts, ‘This Pill Will Change Humanity.’

Another proclaimed: “Gwen Stefani Shares Blake Shelton’s Secret To Rapid Weight Loss.”

When these schemes faded out, they were replaced by ones like this: “Why Every Judge On Shark Tank Backed This Product From Milpitas.”

"On a scale of 1 to 10 for the 'Worst Types of Spam' you can receive, approaching that perfect 10 score is spam related to 'snake oil' products that are so patently fake that you struggle to understand why they would even bother trying to sell it," White writes.