2 min

Tags in this article

, , ,

Web hosting provider and domain registration company GoDaddy has taken over 15,000 subdomains offline. The subdomains were used as part of a spam operation, which tempted users to come to web pages selling fake products.

Users received a spam mail promoting a product, writes ZDNet. If a user clicks on a link in the mail, he ends up on one of the subdomains that were hosted on legitimate sites. The owners of those legitimate websites knew nothing about it.

All sub-domains sold products that seemed to get support from celebrities. The names of Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton and Wolf Blitzer came up. Most of the products shown through the subdomains were brain supplements, CBD oil and weight loss pills.

The network of subdomains was discovered by security researcher Jeff White of Palo Alto Networks. The group’s domains were discovered two years ago, after which White also started an investigation into their operations. Since then, the researcher collects spam mail sent by the scammers and indexes the URLs of the subdomains that promote the fake products. White shared his findings with GoDaddy earlier this year, where most domains are hosted.

Research

The hosting party has now conducted its own research. The company believes that the scammer group has been using phishing or credential stuffing attacks in recent years to gain access to its customers’ accounts. If successful, the scammers created a subdomain for the legitimate website. This subdomain will later be used to host one of the product pages.

The hosting party states that hundreds of accounts have been hacked. After taking over 15,000 subdomains offline, GoDaddy also reset the passwords for hacked accounts and notified users. Users can then decide for themselves whether the burglars have left other malware in the accounts.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.