After 2 years of research by Palo Alto Networks security researcher Jeff White, GoDaddy, the web hosting provider and domain registrar, has removed more than 15,000 subdomains that were being used as part of a spam operation that lured users to websites selling fake products.
The modus operandi was almost always the same: users received an email promoting a product, and when they clicked, they arrived at one of these websites, subdomains created without the knowledge of the owner of the main domain.
Let’s imagine you have a branded store called myexamplestore.com and someone manages to create bargains.myexamplestore.com, sells fake products there by taking advantage of your reputation, and starts bombarding users with spam.
In the promotions they always talked about celebrities who supported the products, such as Stephen Hawking, Jennifer Lopez, Gwen Stefani and others. Among them were products that promised to increase mental capacity, weight-loss pills and other dietary products.
Earlier this year Jeff White shared his findings with GoDaddy, where most of these domains were hosted. He spent two years gathering information and links, including the emails that received spam and the websites that sold the products.
Apparently the group of scammers used phishing attacks to gain access to their victims’ hosting accounts in recent years. With that access they created subdomains that were hosted elsewhere and carried bogus content. Now that the subdomains have been removed, the passwords have been reset to prevent the problem from happening again.
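A defensive check for the situation described above, as an added example that is not part of the original article: it audits a DNS zone export for subdomains that are missing from the owner's inventory or that point outside the owner's hosting. The zone data, the inventory and the 198.51.100.0/24 range are constructed for the article's hypothetical myexamplestore.com.

```python
import ipaddress

# Constructed zone export for the article's hypothetical myexamplestore.com.
ZONE = """\
@        3600 IN A     198.51.100.10
www      3600 IN A     198.51.100.10
shop     3600 IN CNAME www.myexamplestore.com.
mail     3600 IN A     198.51.100.25
bargains 600  IN A     203.0.113.77
dietpro  600  IN CNAME landing.example.net.
"""

ORIGIN = "myexamplestore.com"
APPROVED_NAMES = {"@", "www", "shop", "mail"}               # assumed inventory
APPROVED_NETS = [ipaddress.ip_network("198.51.100.0/24")]   # assumed hosting range

def parse_zone(text):
    """Yield (name, rtype, value) for A/AAAA/CNAME lines of a simple zone export."""
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()   # drop comments, tokenize
        if len(parts) != 5 or parts[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, value = parts
        if rtype.upper() in {"A", "AAAA", "CNAME"}:
            yield name.lower(), rtype.upper(), value.lower()

def points_outside(rtype, value):
    """True when the record target is outside the owner's networks or domain."""
    if rtype == "CNAME":
        target = value.rstrip(".")
        return not (target == ORIGIN or target.endswith("." + ORIGIN))
    addr = ipaddress.ip_address(value)
    return not any(addr in net for net in APPROVED_NETS)

def audit(text):
    """Return records that are missing from the inventory or point outside."""
    findings = []
    for name, rtype, value in parse_zone(text):
        unknown = name not in APPROVED_NAMES
        external = points_outside(rtype, value)
        if unknown or external:
            findings.append((name, rtype, value, unknown, external))
    return findings

if __name__ == "__main__":
    print(*audit(ZONE), sep="\n")
```

Run on a schedule against the registrar's zone export, a diff of the findings between runs shows newly created subdomains even when the account login itself looked legitimate.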