GoDaddy shuts down 15k subdomains used in massive spam campaign

Hackers used legitimate sites to peddle fake goods online

Web hosting provider and domain registrar GoDaddy has taken down over 15,000 subdomains following a two-year investigation into a spam operation that tried to sell consumers fake products.

First users would receive a spam email promoting a product and if they happened to click on any of the links contained within the message, they would be sent to one of the fraudulent subdomains which were hosted on legitimate sites without their owner's knowledge.

All of the subdomains that were part of the scam shared one thing in common, they all sold products backed by fake endorsements from celebrities including Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, Wolf Blitzer, the cast from Shark Tank and others.

How web hosting affects security
The 10 most common cybersecurity scams uncovered
World's largest web hosting sites hit by security fears

In terms of the fake products being peddled on these scam subdomains, the majority were health-related such as CBD oil, weight loss pills and brain supplements.

Hacked GoDaddy accounts

The massive network of shady domains was first discovered by security researcher Jeff White at Palo Alto Networks two years ago and since then he has been collecting the spam emails sent out in the campaign and indexing the subdomain URLs promoting these fake products.

White shared his findings with GoDaddy earlier this year and the company then launched its own investigation into the matter in which it discovered that the group behind the scam had likely used either phishing or credential stuffing attacks to gain access to its customers' accounts.

After gaining access to a user's GoDaddy account, the cybercriminals would create a subdomain for their legitimate sites that would later be used to host shady product pages and lure users with spam email campaigns.

The web host has put the number of hacked accounts at “several hundred”. After taking down more than 15k subdomains from its servers, GoDaddy also reset the passwords for the accounts that had been compromised and notified the users that had been impacted.

In related web hosting news, ICANN, the organization which oversees the domain name system, has proposed an end to price caps on the .org, .info and .biz top-level domains. The move comes at a time when the domain name system has seen thousands of new extensions added over the past five years, all of which are free to set their own prices. If the change does go into effect, the cost of hosting a website could rise significantly over the next few years.




READ MORE: