GoDaddy Purges 15,000 Bogus Subdomains, Explaining Why Your Favorite Websites Sometimes Host Fishy Ads
Web hosting provider and domain registrar GoDaddy just announced that they have taken down more than 15,000 subdomains that were being used as part of an elaborate affiliate marketing spam operation, ZDNet reports. In a long-running and pervasive spam operation, consumers would be targeted with emails directing them to the subdomains, which featured illegitimate ads for sometimes non-existent products. The pages would be hosted on legitimate websites without the knowledge of the sites’ owners.
Common themes are visible across a variety of the scams.
For one, they often featured celerity endorsements, which were completely manufactured. Celebrities featured have included Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, Wolf Blitzer, and Shark Tank cast members. Another theme is the nature of the products themselves, which were frequently supplements including CBD oil, weight loss pills, and other nutrition products.
“On a scale of 1 to 10 for the ‘Worst Types of Spam’ you can receive, approaching that perfect 10 score is spam related to ‘snake oil’ products that are so patently fake that you struggle to understand why they would even bother trying to sell it,” wrote Palo Alto Networks researcher Jeff White, who chronicled the nuts and bolts of the activity in a detailed blog post. “When the act of sending unsolicited offers crosses the line from annoyance to dabbling in illegal acts, then the everyday spam becomes a lot more interesting.”
#Godaddy shutters 15K websites tied to scam websites associated to affiliate marketing @threatpost https://t.co/E7W4xfoIzy pic.twitter.com/aA8Td1tcSd
— RMK Consulting, LLC (@rmkconsulting) April 30, 2019
White goes on to describe in detail the logistics of scammers who blast internet users with spam email messages, direct them to fraudulently hosted web pages on otherwise legitimate domains, and then use dishonest ads to sell questionable products.
A GoDaddy investigation revealed that hundreds of the company’s accounts had been hacked, likely through phishing techniques aimed at legitimate websites. In all, GoDaddy removed more than 15,000 of the illegally created pages and reset the password credentials of those accounts. They estimate that the total volume of traffic driven through the pages has been in the millions of hits.
GoDaddy’s own internal investigation began when White shared with them his extensive findings, which he says began after curiosity took him down the “rabbit hole” of fishy affiliate marketing techniques. White’s own exploration of the phenomenon lasted almost two years.
White in his investigation compiled a wide variety of screenshots that taken together reveal a familiar format. While the posts generally dealt with a number of different products, the overall approach of wild, click-inducing claims coupled with compelling (if unlikely) celebrity endorsements, proved to be a consistent formula.
