8000 domains of well-known companies were used for mass spam distribution and click monetization

Teacher

Black-hat SEO will always be in fashion, and taking over dead domains and subdomains that still carry the name of a major brand or popular company is nothing new.

What is striking is the scale of the SubdoMailing campaign, in which more than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions were hijacked to distribute spam and monetize clicks.

The problem was reported by researchers at Guardio Labs, who have been tracking this coordinated malicious activity since at least September 2022 and attribute it to an actor they call ResurrecAds, already known for manipulating the digital advertising ecosystem for its own gain.

According to the researchers, the attackers run a vast infrastructure spanning a wide range of hosts, SMTP servers, IP addresses and even residential ISP connections, along with many additional domain names of their own.

The reputation attached to the hijacked domains is used to send several million spam and phishing emails a day that sail past spam filters and the brands' own SPF and DKIM policies. Because the attacker controls the DNS of a taken-over subdomain, they can publish SPF and DKIM records that authorize their own mail servers, so the messages authenticate as genuine brand mail rather than being rejected as spoofed.

The attackers' arsenal includes subdomains associated with major brands and organizations such as the ACLU, eBay, Lacoste, Marvel, McAfee, MSN, Pearson, PwC, Swatch, Symantec, The Economist, UNICEF, and VMware, among others.

The campaign is also notable for the way it evades standard protections: the entire message body is rendered as a single image to defeat text-based spam filters, and clicking that image starts a chain of redirects through a series of different domains.

Along the way, the redirects check the victim's device type and geographic location and route them to whatever content monetizes best.

The outcomes range from intrusive ads and affiliate links to more deceptive destinations such as fraudulent quizzes, phishing sites, or even malware downloads.

Protection options are limited, but to help identify the threat Guardio Labs has published a subdomain checker site that lets domain owners find out whether their brand is being abused.
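The takeover of dead subdomains described above generally works through DNS records left pointing at a domain nobody owns any more: a CNAME to an expired vendor or campaign site, or an SPF include:/redirect= that references one. Whoever registers that domain controls the subdomain (CNAME case) or becomes an authorized sender for the brand (SPF case). The Python below is an added example, not Guardio's checker and not code from the original post: it audits a zone's records offline against a set of domains assumed to be unregistered. Both the zone and that set are constructed for the demo (RFC 2606 reserved names); a real audit would resolve each target and confirm the apex is unregistered via RDAP/WHOIS. The registrable-domain helper is a deliberate simplification that takes the last two labels and ignores the Public Suffix List.

```python
"""Audit DNS records for dead-subdomain takeover exposure.

Two conditions are flagged:
  1. A CNAME whose target's registrable (apex) domain is unregistered.
     Whoever registers it answers for the subdomain and can publish its
     own A/MX/TXT records, including SPF and DKIM, so mail "from" the
     subdomain authenticates cleanly.
  2. An SPF TXT record whose include: or redirect= names an unregistered
     domain. Whoever registers it can publish an SPF record that
     authorizes attacker mail servers for the brand's own domain.
"""
from dataclasses import dataclass
import re


def registrable_domain(name: str) -> str:
    """Return the registrable (apex) part of a DNS name.

    Demo simplification: last two labels. Production code should use the
    Public Suffix List (e.g. the tldextract package) so that names under
    co.uk, com.au, github.io and similar suffixes are handled correctly.
    """
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


# include: may carry a qualifier (+ - ~ ?); redirect= is a modifier.
_SPF_REF = re.compile(r"^(?:[+\-~?]?include:|redirect=)(?P<domain>\S+)$",
                      re.IGNORECASE)


def spf_referenced_domains(spf_txt: str) -> list[str]:
    """Return the domains an SPF record delegates to via include:/redirect=."""
    refs = []
    for term in spf_txt.split():
        m = _SPF_REF.match(term)
        if m:
            refs.append(m.group("domain").lower().rstrip("."))
    return refs


@dataclass(frozen=True)
class Finding:
    name: str    # owner name of the record in our zone
    kind: str    # "CNAME" or "SPF"
    target: str  # external name the record points at
    reason: str


def audit_zone(records, unregistered):
    """records: iterable of (name, rtype, value) tuples.
    unregistered: set of apex domains known not to be registered
    (in practice established with RDAP/WHOIS plus NXDOMAIN checks)."""
    findings = []
    for name, rtype, value in records:
        if rtype == "CNAME":
            apex = registrable_domain(value)
            if apex in unregistered:
                findings.append(Finding(
                    name, "CNAME", value.rstrip("."),
                    f"CNAME target apex {apex} is unregistered; "
                    f"anyone who registers it controls {name}"))
        elif rtype == "TXT" and value.lower().startswith("v=spf1"):
            for ref in spf_referenced_domains(value):
                apex = registrable_domain(ref)
                if apex in unregistered:
                    findings.append(Finding(
                        name, "SPF", ref,
                        f"SPF of {name} delegates to unregistered {apex}; "
                        f"its registrant can authorize their own senders"))
    return findings


# Constructed sample zone: reserved .example names, not real records.
SAMPLE_RECORDS = [
    ("www.brand.example", "A", "203.0.113.10"),
    # Campaign site from an agency that let its domain expire.
    ("promo.brand.example", "CNAME", "brand-campaign.old-agency.example."),
    # Vendor that is still alive: no finding.
    ("shop.brand.example", "CNAME", "shops.live-vendor.example."),
    # One healthy include, one include of a defunct mail provider.
    ("brand.example", "TXT",
     "v=spf1 ip4:203.0.113.0/24 include:_spf.live-vendor.example "
     "include:spf.defunct-mailer.example -all"),
    # Whole SPF policy redirected to the expired agency domain.
    ("news.brand.example", "TXT", "v=spf1 redirect=_spf.old-agency.example"),
]
SAMPLE_UNREGISTERED = {"old-agency.example", "defunct-mailer.example"}

if __name__ == "__main__":
    for f in audit_zone(SAMPLE_RECORDS, SAMPLE_UNREGISTERED):
        print(f"{f.kind:5} {f.name} -> {f.target}\n      {f.reason}")
```

Run against the sample zone this reports three findings (the promo CNAME, the defunct-mailer include on the apex and the redirect on news) and leaves the live vendor alone. A CNAME whose target apex is registered but whose specific hostname is unclaimed at a hosting provider is a separate takeover class this check does not cover; the remediation is the same in every case, though: delete records that point at anything you no longer control.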