SubdoMailing campaign spams 5 million emails daily via 8k hijacked domains
2024-02-26 14:00

A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising.

The campaign is called "SubdoMailing," as the threat actors hijack abandoned subdomains and domains belonging to well-known companies to send their malicious emails.

As these domains belong to trusted companies, emails sent from them can bypass spam filters and, in some cases, take advantage of configured SPF and DKIM email policies that tell secure email gateways that the emails are legitimate and not spam.

Clicking on the embedded buttons in the emails takes users through a series of redirections, generating revenue for the threat actors via fraudulent ad views.

This makes the threat actor's emails appear to legitimately come from a reputable domain, like MSN. The operation generally leverages the hijacked domains for sending spam and phishing emails, hosting phishing pages, or hosting deceptive advertising content.

Currently, the campaign operates through globally distributed SMTP servers configured to disseminate fraudulent emails through a massive network of 8,000 domains and 13,000 subdomains.
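
Defenders can look for the abandoned subdomains and inherited SPF trust described above in their own DNS inventory. The following Python code is an added example, not taken from the original article or the researchers' tooling; it assumes that "abandoned" means a CNAME or SPF term that still points at a domain the organization no longer controls. The zone data, the `CONTROLLED` set and the two-label `registrable()` shortcut are constructed for illustration.

```python
# Added example: all names and records below are constructed for illustration.

# Registrable domains the organization or a current vendor still controls.
CONTROLLED = {"example.com", "mailvendor.example"}

# Constructed zone export: owner name -> list of (record type, value).
ZONE = {
    "example.com": [("TXT", "v=spf1 include:_spf.mailvendor.example ip4:192.0.2.10 -all")],
    "news.example.com": [("TXT", "v=spf1 include:spf.lapsedsender.example ~all")],
    "promo.example.com": [("CNAME", "promo.oldcampaign.example.")],
    "shop.example.com": [("CNAME", "shop.cdn.mailvendor.example.")],
}

def registrable(name):
    """Last two labels; an assumption that holds for the sample data only.
    A real audit should use the Public Suffix List."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def spf_delegations(txt):
    """Hostnames an SPF record hands sending authority to."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    hosts = []
    for term in terms[1:]:
        term = term.lstrip("+-~?").lower()  # drop the SPF qualifier
        for prefix in ("include:", "redirect=", "a:", "mx:"):
            if term.startswith(prefix):
                hosts.append(term[len(prefix):].split("/")[0])  # drop any CIDR suffix
    return hosts

def audit(zone, controlled):
    """Return (owner, type, target) for every record pointing outside `controlled`."""
    findings = []
    for owner, records in sorted(zone.items()):
        for rtype, value in records:
            if rtype == "CNAME":
                targets = [value]
            elif rtype == "TXT":
                targets = spf_delegations(value)
            else:
                continue
            for target in targets:
                if registrable(target) not in controlled:
                    findings.append((owner, rtype, target.rstrip(".")))
    return findings

if __name__ == "__main__":
    for owner, rtype, target in audit(ZONE, CONTROLLED):
        print(f"{owner}: {rtype} -> {target} (not controlled, review or remove)")
```

Each finding is a record to remove or repoint before the referenced domain can be registered by someone else.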


News URL

https://www.bleepingcomputer.com/news/security/subdomailing-campaign-spams-5-million-emails-daily-via-8k-hijacked-domains/