Malware on Hijacked Subdomains, a New Trend?
The Unmask Parasites blog discusses a technique attackers have been using increasingly often: modifying a compromised site's DNS settings to redirect various subdomains to different IPs that serve up malware, often leaving site administrators none the wiser. Quoting:
"It is clear that hackers have figured out that subdomains of legitimate websites are an almost infinite source of free domain names for their attack sites. With access to DNS settings, they can create arbitrary subdomains that point to their own servers. Such subdomains can hardly be noticed by domain owners who rarely check their DNS records after the initial domain configuration. And they cost nothing to hackers. I wonder if using hijacked subdomains of legitimate websites is a new trend in malware distribution or just a temporary solution that won't be widely adopted by cybercriminals in the long run (like dynamic DNS domains last September)."
Since a lot of hosting automation software (cPanel) sets up an A name for @, giving the power singularly to Apache, it also lends itself to the ability to mask it as being secure.
It isn't a nameserver, it's moreover a webserver one.
So can these hacks be used to get around "NoScript"? I currently have it set to:
- Temporarily allow top-level sites by default
  - Base 2nd level Domains (noscript.net)
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
At least in the example given, it would seem pretty feasible to do this at the GoDaddy site itself, where all the A records are centralized. How many businesses registered with GoDaddy have subdomains in different class A or even class B networks?
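The quoted post's point that owners rarely re-check their DNS records, and the comment above about subdomains landing in unrelated networks, both come down to one defensive check: diff the live zone against the records you actually provisioned and flag anything resolving outside your own address space. The script below is an added example, not code from the blog or from Slashdot; the zone export, the baseline and the netblocks are constructed sample data.

```python
"""Audit a DNS zone's A records for subdomains that were never provisioned
or that resolve outside the organisation's own address ranges."""
import ipaddress
import re

# Constructed sample zone export (not real data). The last two records are
# the kind of rogue subdomains the post describes: added by someone with
# DNS access and pointing at hosts the site owner does not control.
ZONE_EXPORT = """\
@        IN  A  203.0.113.10
www      IN  A  203.0.113.10
mail     IN  A  203.0.113.25
cdn-static  IN  A  198.51.100.77
update01 IN  A  192.0.2.200
"""

# Hypothetical baseline the admin kept from the initial domain configuration.
BASELINE = {"@": "203.0.113.10", "www": "203.0.113.10", "mail": "203.0.113.25"}
# Hypothetical netblocks the organisation actually operates.
OWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

RECORD_RE = re.compile(r"^(\S+)\s+IN\s+A\s+(\S+)\s*$")


def parse_a_records(zone_text):
    """Return {label: ip} for every A record in a simple zone export."""
    records = {}
    for line in zone_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            records[m.group(1)] = m.group(2)
    return records


def audit_zone(zone_text, baseline, own_networks):
    """Return (label, ip, reason) findings that deserve a human look."""
    findings = []
    for label, ip in parse_a_records(zone_text).items():
        addr = ipaddress.ip_address(ip)
        if label not in baseline:
            findings.append((label, ip, "not in baseline"))
        elif baseline[label] != ip:
            findings.append((label, ip, "changed from %s" % baseline[label]))
        if not any(addr in net for net in own_networks):
            findings.append((label, ip, "outside own netblocks"))
    return findings


if __name__ == "__main__":
    for finding in audit_zone(ZONE_EXPORT, BASELINE, OWN_NETWORKS):
        print("%-12s %-16s %s" % finding)
```

Run against a real export from your registrar or DNS host, the same check catches both a brand-new subdomain and a known label quietly repointed elsewhere.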