Unmasking SubdoMailing: Guardio Labs Exposes Massive Ad Fraud Campaign


Guardio Labs has published research on a large ad fraud campaign it calls “SubdoMailing.” The operation has co-opted more than 8,000 legitimate domains and roughly 13,000 subdomains, including subdomains belonging to MSN, VMware, McAfee, and The Economist. Brands whose names inboxes and mail filters treat as trustworthy are now, without knowing it, lending that trust to the fraudsters' mail.

The campaign sends around five million scam and malvertising emails a day. Because the messages come from subdomains of reputable brands, they pass the sender-reputation and authentication checks that would stop the same mail sent from an unknown domain. Each message carries a prominent button; a single click starts a chain of redirects, and every hop registers a fraudulent ad view that pays the operators.

The operation, active since 2022, is not limited to spam. It delivers phishing emails, hosts deceptive landing pages, and pushes misleading advertising. What makes it effective is how it borrows legitimacy from DNS: the actors take over subdomains whose CNAME records still point at abandoned domains, and they register expired domains that a brand's SPF record continues to reference through include: entries, so mail sent from attacker infrastructure is authorized by the brand's own DNS. A secure email gateway that relies on those signals sees a legitimate sender.
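Both abuses described above can be audited from a zone export: follow every CNAME chain and check whether the final target's domain is still registered, and walk the SPF include:/redirect= chain looking for delegations to domains nobody owns anymore. The Python below is an added example written for this article; it is not Guardio's checker or any code from the Guardio report. The DNS snapshot, the domain names and the "registered" set are constructed stand-ins for live DNS and RDAP/WHOIS lookups, and the registrable-domain helper is a deliberate simplification that a real audit would replace with a Public Suffix List lookup.

```python
"""Audit a DNS snapshot for dangling CNAME targets and stale SPF includes.

Constructed example: the zone data below is invented and stands in for a
zone export; REGISTERED_DOMAINS stands in for an RDAP/WHOIS check.
"""
import re

# (name, rrtype) -> list of records. A missing key means the name has no
# record of that type (NXDOMAIN / NODATA in a real lookup).
SAMPLE_ZONE = {
    ("www.example-brand.test", "CNAME"): ["cdn.legit-provider.test."],
    ("cdn.legit-provider.test", "A"): ["203.0.113.10"],
    ("promo.example-brand.test", "CNAME"): ["campaign.old-agency.test."],
    # campaign.old-agency.test is intentionally absent: that domain expired.
    ("example-brand.test", "TXT"): [
        "v=spf1 include:_spf.legit-provider.test include:mail.old-agency.test -all"
    ],
    ("_spf.legit-provider.test", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
    # mail.old-agency.test has no SPF record: the included domain is gone.
}

# Domains that an RDAP lookup would report as registered (constructed).
REGISTERED_DOMAINS = {"example-brand.test", "legit-provider.test"}

# Matches the SPF terms that delegate to another domain.
SPF_REF = re.compile(r"(?:include:|redirect=)(\S+)")


def registrable_domain(name: str) -> str:
    """Crude registrable-domain extraction: the last two labels.

    Assumption: adequate for the constructed sample. Real audits must use the
    Public Suffix List (e.g. example.co.uk needs three labels).
    """
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_dangling_cnames(zone, subdomains, registered, max_hops=8):
    """Follow each subdomain's CNAME chain and report (subdomain, target)
    pairs whose final target lives under an unregistered domain: anyone who
    registers that domain controls what the brand's subdomain resolves to."""
    findings = []
    for sub in subdomains:
        name, hops = sub.rstrip("."), 0
        while hops < max_hops:
            targets = zone.get((name, "CNAME"))
            if not targets:
                break
            name = targets[0].rstrip(".")
            hops += 1
        if name == sub.rstrip("."):
            continue  # plain A/AAAA record, no CNAME to dangle
        if registrable_domain(name) not in registered:
            findings.append((sub, name))
    return findings


def spf_record(zone, domain):
    """Return the v=spf1 TXT record for a domain, or None if it has none."""
    for txt in zone.get((domain.rstrip("."), "TXT"), []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def walk_spf(zone, domain, registered, seen=None):
    """Recursively collect (policy_domain, referenced_domain) pairs where an
    SPF include:/redirect= points at an unregistered domain. Whoever registers
    that domain can publish an SPF record authorizing their own servers to
    send as policy_domain. `seen` guards against include: loops."""
    seen = seen if seen is not None else set()
    domain = domain.rstrip(".")
    if domain in seen:
        return []
    seen.add(domain)
    record = spf_record(zone, domain)
    if record is None:
        return []
    findings = []
    for ref in SPF_REF.findall(record):
        ref = ref.rstrip(".")
        if registrable_domain(ref) not in registered:
            findings.append((domain, ref))
        findings.extend(walk_spf(zone, ref, registered, seen))
    return findings


def audit(zone, apex, subdomains, registered):
    """Run both checks and return them under one report."""
    return {
        "dangling_cnames": find_dangling_cnames(zone, subdomains, registered),
        "stale_spf_includes": walk_spf(zone, apex, registered),
    }


if __name__ == "__main__":
    report = audit(
        SAMPLE_ZONE,
        "example-brand.test",
        ["www.example-brand.test", "promo.example-brand.test"],
        REGISTERED_DOMAINS,
    )
    for kind, hits in report.items():
        print(kind)
        for hit in hits:
            print("  ", " -> ".join(hit))
```

Run against the sample it flags promo.example-brand.test (CNAME into an expired domain) and the include:mail.old-agency.test term in the apex SPF record; the www subdomain and the provider include are clean. To use it on a real zone, replace SAMPLE_ZONE with resolver output and REGISTERED_DOMAINS with a per-domain RDAP query, and remove or repoint every flagged record before someone else registers the target.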

Guardio Labs, which detected “SubdoMailing,” has mapped the campaign's infrastructure: more than 22,000 unique IP addresses, spread across a mix of hijacked and purchased domains and IP assets. Keeping that many sending hosts and borrowed domains in rotation requires real bookkeeping, and it points to a well-organized, technically capable group.

Guardio attributes the campaign to an actor it calls “ResurrecAds,” which systematically scans for domains whose DNS records still reference expired or abandoned domains, buys those domains, and turns them into sending infrastructure for the scam campaign. The goal is straightforward: maximize clicks on email-delivered ads and collect the resulting ad revenue.

For website owners the practical step is a DNS audit. Guardio Labs urges every domain holder to check their assets for signs of compromise and has published a dedicated “SubdoMailing” checker tool for the purpose. Owners of flagged domains should remove or repoint the stale CNAME and SPF entries, reclaim the affected subdomains, and keep those records under review so the brand cannot be abused the same way again.

For anyone responsible for an online presence, the time to act is now: use Guardio's resource, and treat forgotten DNS records as the liability they are. Ongoing vigilance over one's own DNS is the main defence against this kind of erosion of digital trust.


February 27, 2024
A detailed report by Guardio Labs on the