GoDaddy has taken down 15,000 subdomains peddling a variety of “snake oil” products.
According to a two year investigation, many of the domains they linked to were legitimate, belonging to customers whose accounts were apparently compromised.
Products being sold from these domains were illegal, unregulated, contraband or fake. The money siphoned via this type of ecommerce most likely caused millions of dollars in IP infringements as well.
An article at Wired says:
“GoDaddy and security firm Palo Alto Networks’ Unit 42 have taken down 15,000 subdomains dedicated to selling those phony pharmaceuticals under false pretenses. The two-year investigation that led them there offers some useful insights into what makes these campaigns tick.”
So how would the cybercriminals do it? According to the investigative report by Wired:
“Once they had access to those accounts, the hackers would leave the main website alone but surreptitiously create hundreds or even thousands of subdomains—like glad.justinbieberfannews.com. They would then use these so-called shadow domains to send spam emails or game the search-engine-optimization system, unbeknownst to the sites’ owners.”
Obviously, such an intervention to the domain’s settings requires access to the domain’s account at GoDaddy. That’s where good old phishing comes to play, according to the Wired article:
“GoDaddy recommends using multifactor authentication and different passwords on different services to avoid these types of attacks from being successful,” the company said in a statement.
“GoDaddy takes the security of our network and our customers’ accounts very seriously, and we’ll continue to collaborate with the security community to identify and resolve these types of attacks.”
GoDaddy shut down 15,000 of these subdomains in March. For the full coverage by Wired.com, click here.