15,000 Spam Domains Banned By GoDaddy
The security team Palo Alto Network’s Unit 42 and GoDaddy had partnered in taking down 15,000 domains that host spam and tasteless products online. Offers from these websites range from fly-by-night weight-loss drugs, dodgy food supplements and everything in between. The project to purge 15,000 spammy domains didn’t occur overnight, it took the Unit 42 and GoDaddy teams two years in conducting their investigation, this with the goal of minimizing false positives.
In their investigation, many names of celebrities were named by the domains as being their “endorsers” of the products they sell. This was an attempt to increase the reputation of the products they sell. Names such as Gwen Stefani and even the deceased Stephen Hawking were named as endorsers of medical products, stating that they were beneficial for their healthy living. The websites associated with the spamvertising were also seen as copying the visual designs of genuine prominent websites like E! Online and TMZ.
The sites mentioned also implement Facebook-like elements, like the “Like” button, but it does not function similar to how Facebook implements them. They were only there just as another link to selling more dodgy products. The websites also have the habit of asking people to use their credit card when buying their products, which adds more risk when it comes to their financial security.
“When people go to cancel, they realize that they can’t. A lot of times when they try to contact the company, no one gets back to them. No one’s ever going to get back to them, because that’s how these companies make their money, off of these refills,” explained Jen Miller-Osborn, Unit 42’s Deputy Director of Threat Intelligence.
All is not lost for the victims, as they may attempt to call their credit card provider in hopes of canceling the questionable credit card transaction. Of course, if the charge happened a long time ago, there will be challenges to cancel the transaction, and the charge already incurs its corresponding interest.
“In our process of analysis, we’re presented with an array of screenshots from the virtual systems that crawl these websites; this is why after seeing these images time and time again they eventually became ingrained in my mind and I could start to recognize templates being used and their slight variations over time. While this campaign phased out, there was another running in parallel with the same tactics but a different product, switching from “brain supplements” to ‘weight loss.’ It keeps the celebrity endorsement theme and continues masquerading as a legitimate website,” emphazed Jeff White, Senior Threat Researcher at Palo Alto Networks.
Some parts of the websites use URL-shortening service, these types of redirects are dangerous to any users as the only practical way to determine the destination site of a shortened URL is to visit it. Knowing the exact website where the shortened URL points to require knowledge that such service is available. One such service is http://checkshorturl.com/ but of course not all Internet users are aware of such, we hope that through this article we help you educate yourself in lessening the risks you face in the Internet every day.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.