Hijacked subdomains of major brands used in massive spam campaign
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising.
The campaign is called "SubdoMailing," as the threat actors hijack abandoned subdomains and domains belonging to well-known companies to send their malicious emails.
As these domains belong to trusted companies, they gain the benefit of being able to bypass spam filters and, in some cases, take advantage of configured SPF and DKIM email policies that tell secure email gateways that the emails are legitimate and not spam.
These email policies are used to prove to secure email gateways that the sender of an email is legitimate and should not be treated as spam.
This makes the threat actor's emails appear to legitimately come from a reputable domain, like MSN. The operation generally leverages the hijacked domains for sending spam and phishing emails, hosting phishing pages, or hosting deceptive advertising content.
Currently, the campaign operates through globally distributed SMTP servers configured to disseminate fraudulent emails through a massive network of 8,000 domains and 13,000 subdomains.
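As an added example (not from the original article), here is a defender-side audit of a DNS inventory. It flags CNAME targets and SPF mechanisms that point outside the set of domains an organisation has confirmed it still controls, since whoever registers an abandoned target domain inherits that trusted name or SPF authorisation. The zone data, the `example.*` names and the `CONTROLLED` set are constructed assumptions.

```python
import re

# Constructed DNS inventory (example.* names are placeholders, not data from the article).
ZONE = {
    "example.com": [("TXT", "v=spf1 include:_spf.example.com include:mailer-old.example.net -all")],
    "_spf.example.com": [("TXT", "v=spf1 ip4:192.0.2.0/24 -all")],
    "promo.example.com": [("CNAME", "campaign.oldvendor.example.org.")],
    "news.example.com": [("CNAME", "www.example.com.")],
}
# Assumption: domains the organisation has verified it (or a current vendor) still controls.
CONTROLLED = {"example.com"}

# SPF terms that hand authorisation to another domain name.
SPF_REF = re.compile(r"^[+\-~?]?(?:(?:include|a|mx|exists):|redirect=)([^/\s]+)", re.I)

def normalise(name):
    return name.rstrip(".").lower()

def is_controlled(name, controlled):
    """True if name equals, or is a subdomain of, a controlled domain."""
    name = normalise(name)
    return any(name == d or name.endswith("." + d) for d in controlled)

def spf_targets(txt):
    """Domains an SPF record delegates to (include, redirect, a, mx, exists)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    hits = (SPF_REF.match(t) for t in terms[1:])
    # Skip macro targets such as %{d}; they cannot be checked statically.
    return [normalise(m.group(1)) for m in hits if m and "%" not in m.group(1)]

def audit(zone, controlled):
    """Return (owner, kind, target) for every reference leaving the controlled set."""
    findings = []
    for owner, records in zone.items():
        for rtype, value in records:
            if rtype == "CNAME":
                targets, kind = [normalise(value)], "CNAME"
            elif rtype == "TXT":
                targets, kind = spf_targets(value), "SPF"
            else:
                continue
            findings += [(owner, kind, t) for t in targets if not is_controlled(t, controlled)]
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(ZONE, CONTROLLED):
        print(*finding)
```

Each finding is a candidate for review: confirm who currently owns the target domain, then remove or repoint the record if it is no longer in use.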