From 81d5ab53c7628d921a2f58bd5cba5bfd0f81e5b6 Mon Sep 17 00:00:00 2001
From: Lukas Vacula
Date: Tue, 27 Feb 2024 07:55:31 -0500
Subject: [PATCH] subdomailing
---
content/shortnotes/subdomailing-campaign/index.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 content/shortnotes/subdomailing-campaign/index.md
diff --git a/content/shortnotes/subdomailing-campaign/index.md b/content/shortnotes/subdomailing-campaign/index.md
new file mode 100644
index 0000000..4d2120b
--- /dev/null
+++ b/content/shortnotes/subdomailing-campaign/index.md
@@ -0,0 +1,13 @@
++++
+title = "SubdoMailing Campaign"
+# description = ""
+date = 2024-02-27
+# updated = 2024-02-27
+#draft = true
+[taxonomies]
+tags = ["shortnotes"]
++++
+
+I came across this while reading my RSS feeds this morning: there's a new ad fraud campaign that is using insecure domains from big names like VMware and Marvel. But the interesting thing for me isn't the names attached, but that it seems so simple of an attack: look for outdated and unregistered domains, and use their existing presence in other companies mail records to bypass spam filters.
+
+[Relevant link to Bleeping Computer article](https://www.bleepingcomputer.com/news/security/hijacked-subdomains-of-major-brands-used-in-massive-spam-campaign/)
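Review bot: The body paragraph describes the mechanism only as "existing presence in other companies mail records", which does not tell a reader what to check in their own DNS. As I understand the linked report, the abuse depends on stale records that the brands left behind, namely CNAME entries and SPF `include:` targets that still reference domains which were allowed to expire. A closing sentence would make the note actionable, for example `The defensive takeaway: audit your zones for CNAME and SPF include targets that point at domains you no longer control.` Two wording fixes in the same paragraph: "unregistered" is clearer as "expired or abandoned", and "companies" needs the possessive, `other companies' mail records`.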