Security News > 2021 > December > Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain.

Patterns observed include irregular domain names, domain resolving to an untrusted web app, SSL not enabled.

Using domain parking and monetization services is one way they can inexpensively create many fake accounts that they can then use in their large-scale bot campaigns.

To demonstrate how easy this is to do, we were able to establish an account for $1.18 in less than five minutes using Namecheap, one of several domain parking solutions available.

Shortly thereafter we were able to begin monetizing the new domain via the Namecheap-ParkingCrew partnership; a common practice for threat actors, evidenced by bot forums boasting of the money being made via rogue traffic hitting their parked domains.

Just as bots-as-a-service have made botting available to the masses, the use of domain registration and monetization services is another example of the commercialization of the botting industry.

News URL

https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/