Did you receive an email from MSN? Be careful, this may be a scam!

    A massive ad fraud campaign, dubbed “SubdoMailing,” exploits hijacked subdomains of major brands to deliver up to 5 million malicious emails per day. This large-scale cyberattack highlights the vulnerability of security systems and the growing risks for Internet users.

    Prestigious names misused for malicious purposes

    Well-known brands such as MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PWC, Pearson, Better Business Bureau, Unicef, ACLU, Symantec, Java.net, Marvel and eBay were victims of this campaign. Hackers exploit users' trust in these names to bypass spam filters and distribute their fraudulent messages.

    A sophisticated ploy to maximize profits

    Cybercriminals use two main techniques to hijack subdomains:

    • CNAME attacks: They search for subdomains whose CNAME records point to unregistered external domains, then register those domains themselves.
    • Leveraging SPF records: They leverage the “include:” option in SPF records, which imports authorized email senders from external domains that they now control.

    By modifying the SPF records of compromised domains, hackers can make their emails appear to come from legitimate brands, increasing the likelihood that they will be opened by recipients.
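
    From the domain owner's side, both hijacking routes described above can be audited before someone else finds them. The following Python audit is an added example, not code from Guardio Labs or from this article: the zone data, the `REGISTERED` set and every name in it are constructed, registration status would in practice come from an RDAP/WHOIS or NXDOMAIN check, and following nested includes goes one step beyond what the article describes.

```python
# Constructed sample data, not taken from the article; every name is hypothetical.
OWNED = "brand.test"
REGISTERED = {"brand.test", "mailvendor.test"}  # external domains that still have an owner
DNS = {  # name -> [(record type, value)]: own zone export plus looked-up SPF targets
    "www.brand.test": [("CNAME", "brand.test")],
    "promo.brand.test": [("CNAME", "landing.oldcampaign.test")],
    "news.brand.test": [("TXT", "v=spf1 include:spf.mailvendor.test include:spf.deadvendor.test -all")],
    "spf.mailvendor.test": [("TXT", "v=spf1 ip4:192.0.2.0/24 include:relay.lapsed.test -all")],
}

def registrable(name):
    # Assumption: last two labels = registrable domain; use the Public Suffix List in practice.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def spf_includes(txt):
    """Return the targets of include: mechanisms in one SPF record."""
    if not txt.lower().startswith("v=spf1"):
        return []
    terms = (t.lstrip("+-~?") for t in txt.split())
    return [t.split(":", 1)[1].lower() for t in terms if t.lower().startswith("include:")]

def walk_includes(txt, dns, registered, path=()):
    """Yield include chains that end at a domain nobody has registered."""
    for target in spf_includes(txt):
        if target in path:  # guard against include loops
            continue
        chain = path + (target,)
        if registrable(target) not in registered:
            yield chain
            continue
        for rtype, value in dns.get(target, []):
            if rtype == "TXT":
                yield from walk_includes(value, dns, registered, chain)

def audit(dns=DNS, registered=REGISTERED, owned=OWNED):
    findings = []
    for name in sorted(dns):
        if registrable(name) != owned:
            continue  # only audit names in our own zone
        for rtype, value in dns[name]:
            if rtype == "CNAME" and registrable(value) not in registered:
                findings.append((name, "dangling CNAME", value))
            elif rtype == "TXT":
                for chain in walk_includes(value, dns, registered):
                    findings.append((name, "SPF include unregistered", " -> ".join(chain)))
    return findings

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in audit()))
```

    Each finding is a record to delete or repoint: a CNAME or include target that anyone can register is a sender authorization waiting to be claimed.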

    A sprawling and constantly evolving network

    SubdoMailing uses a vast network of 8,000 domains and 13,000 subdomains, 22,000 IP addresses and a thousand residential proxies to distribute its fraudulent emails. The operation is run by a malicious actor, nicknamed “ResurrecAds,” who constantly searches for new domains to hack and updates the infrastructure to maintain its effectiveness.

    A considerable impact and increased risks for Internet users

    The scale of the SubdoMailing campaign is alarming. Scam emails may contain links to phishing websites, malware, or scams. Users who click on these links risk losing their personal data, being infected by viruses, or suffering financial theft.

    How to protect yourself?

    • Be vigilant: Be wary of emails from unknown addresses, even if they appear to come from a trusted brand.
    • Never click on links in suspicious emails.
    • Verify the sender: Make sure the sender's email address matches the brand it claims to represent.
    • Hover over the links before clicking on them to view the actual URL.
    • Use effective antivirus and anti-spam software.
    • Stay informed about the latest cybersecurity threats.

    An urgent call to action

    The SubdoMailing campaign highlights the need for increased collaboration between businesses, authorities and Internet users to combat cybercrime. Domain owners should take steps to protect their subdomains from hacking, and users should be made aware of the risks and ways to protect themselves.

    In conclusion, the SubdoMailing cyberattack is a serious warning. It is essential that all stakeholders come together to counter the growing threat of cybercrime and protect Internet users.

    Source: Guardio Labs

    Hello :) So what's new? Still looking for the latest juicy tech news? In need of precise tests and sharp opinions? You are in the right place! If you don't know me, I'm Adrien, an inveterate geek who spends his days tracking down the craziest tech news. Laptop screwed to the wrist, smartphone grafted to the hand and always on the lookout for the slightest tech rumor, I am your sherpa in the merciless world of technology :)