Hijacked subdomains of major brands used in massive spam campaign

February 27, 2024 at 09:29AM

The “SubdoMailing” ad fraud campaign utilizes over 8,000 legitimate domains and 13,000 subdomains to send up to five million fraudulent emails daily. Notable brands like MSN, VMware, and eBay have been unknowingly involved, aiding in bypassing spam filters. The threat actors profit from ad views and scams, with Guardio Labs attributing the campaign to “ResurrecAds.”

The “SubdoMailing” ad fraud campaign is a significant threat: it uses a vast network of legitimate internet domains and subdomains to send fraudulent emails and generate revenue through scams and malvertising. The threat actors have targeted well-known companies’ domains, exploiting abandoned subdomains and domain hijacking to bypass spam filters and legitimate email policies, which lends credibility to their fraudulent emails. Recipients are redirected and ultimately land on fake giveaways, security scans, surveys, or affiliate scams, and the campaign sends substantial daily email volumes. Guardio Labs researchers Nati Tal and Oleg Zaytsev identified the campaign and developed a checker site to help domain owners detect and take action against this abuse. The operation appears well-organized and rapidly evolving, with a high level of operational scale and complexity.
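A defender-side audit for the abandoned-subdomain abuse described above, as an added example that is not from the article or from Guardio Labs. It assumes the abuse depends on DNS records (CNAME targets and SPF `include:`/`redirect=` entries) that still reference external domains the brand no longer controls; the zone data, domain names and the `audit` helper are constructed for illustration.

```python
# Constructed sample zone export for a hypothetical brand (all names are placeholders).
ZONE = {
    "promo.brand.example": {"CNAME": "brand-promo-2014.example"},
    "mail.brand.example": {
        "TXT": "v=spf1 include:_spf.mailer.example include:oldvendor.example ~all"
    },
    "www.brand.example": {"CNAME": "cdn.brand.example"},
    "news.brand.example": {"TXT": "v=spf1 ip4:192.0.2.10 -all"},
}
OWNED_ZONE = "brand.example"
# External domains confirmed as still registered to the brand or a current vendor.
STILL_CONTROLLED = {"mailer.example"}


def registrable(name):
    """Simplification: treat the last two labels as the registrable domain.
    A production audit should use the Public Suffix List instead."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def spf_targets(txt):
    """Return the domains an SPF record delegates to via include: or redirect=."""
    terms = txt.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    targets = []
    for term in terms[1:]:
        term = term.lstrip("+-~?").lower()
        for prefix in ("include:", "redirect="):
            if term.startswith(prefix):
                targets.append(term[len(prefix):])
    return targets


def audit(zone, owned, controlled):
    """Flag records that hand web or mail authority to a domain outside our control."""
    findings = []
    for host, records in sorted(zone.items()):
        refs = [("CNAME", records["CNAME"])] if "CNAME" in records else []
        refs += [("SPF", t) for t in spf_targets(records.get("TXT", ""))]
        for kind, target in refs:
            base = registrable(target)
            if base != owned and base not in controlled:
                findings.append((host, kind, target))
    return findings


if __name__ == "__main__":
    for host, kind, target in audit(ZONE, OWNED_ZONE, STILL_CONTROLLED):
        print(f"{host}: {kind} references unverified domain {target}")
```

Each finding is a record to either remove or re-verify with the registrar, since whoever registers the referenced domain inherits the subdomain's reputation or the right to send mail as the brand.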
