Cyber security company Guardio said that thousands of domains previously owned by well-known corporations were used to bypass anti-spam filters, allowing millions of spam emails to reach their intended recipients.
Online security company Guardio has reported the discovery of a SubdoMailing campaign in which attackers are using approximately 8,800 compromised domains, many of which were previously owned by well-known companies, to send millions of spam emails every day, bypassing anti-spam filters.
Guardio researchers have identified a significant number of misused domains used to send around five million emails per day. These domains, including more than 13,000 subdomains, were previously owned by organizations such as MSN, CBS News, New York City, Philips, and McAfee. Attackers use forgotten subdomains with active DNS records to bypass spam filters, increasing the effectiveness of their spam campaigns.
The SubdoMailing campaign, attributed to a threat actor called ResurrecAds, uses compromised domains to send emails that entice users to click and then route them through a series of redirects to fraudulent or phishing websites. One example is the subdomain “marthastewart.msn.com”, which was used by Microsoft over two decades ago.
Patrick Harr, CEO of anti-phishing company SlashNext, emphasized that having DMARC, DKIM, and SPF is important, but not sufficient to detect such threats.
He emphasized the need to use artificial intelligence technologies to effectively detect phishing threats hiding on legitimate sites.
Guardio has developed an online tool to check domains for abuse as part of the SubdoMailing campaign, highlighting the importance of raising awareness and protecting against such cyber threats.
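A domain owner can also look for forgotten records in their own zone. The following is an added example, not Guardio's tool and not code from the report: it scans a zone export for CNAME targets and SPF `include:`/`redirect=` delegations that point at domains outside an approved list. The choice of those two record types, the zone rows, the approved set and the two-label `base_domain` shortcut are assumptions constructed for illustration.

```python
# Added illustration: flag DNS records that hand control to domains outside an
# approved list. All names and records below are constructed sample data.

APPROVED = {"example.com", "mailvendor.example"}  # domains still owned or under contract

ZONE = [  # (name, type, value) rows from a constructed zone export
    ("www.example.com", "CNAME", "web.example.com."),
    ("promo2004.example.com", "CNAME", "landing.old-agency.example."),
    ("example.com", "TXT", "v=spf1 include:_spf.mailvendor.example -all"),
    ("news.example.com", "TXT", "v=spf1 include:spf.defunct-esp.example ip4:192.0.2.10 ~all"),
    ("shop.example.com", "A", "192.0.2.20"),
]

def base_domain(host):
    """Naive registrable domain: last two labels (assumption; use a public-suffix list in practice)."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def spf_targets(txt):
    """Return the domains an SPF record delegates to via include: or redirect=."""
    terms = txt.strip('"').lower().split()
    if not terms or terms[0] != "v=spf1":
        return []  # not an SPF record
    out = []
    for term in terms[1:]:
        t = term.lstrip("+-~?")  # drop the optional SPF qualifier
        for prefix in ("include:", "redirect="):
            if t.startswith(prefix):
                out.append(t[len(prefix):])
    return out

def audit(zone, approved):
    """Flag records whose CNAME target or SPF delegation leaves the approved set."""
    findings = []
    for name, rtype, value in zone:
        if rtype == "CNAME":
            targets = [value.lower()]
        elif rtype == "TXT":
            targets = spf_targets(value)
        else:
            continue  # A and other record types delegate nothing by name
        findings += [(name, rtype, t.rstrip(".")) for t in targets
                     if base_domain(t) not in approved]
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE, APPROVED):
        print(finding)
```

Each finding is a record to review and either remove or re-approve; a flagged SPF delegation matters because mail sent by whoever controls the included domain would pass SPF for that subdomain.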