From 9621d34edd3d8334033f51a49d5673af369e4407 Mon Sep 17 00:00:00 2001
From: Lukas
Date: Sun, 24 Mar 2024 15:45:16 -0400
Subject: [PATCH] subdomailing
---
 content/shortnotes/subdomailing-campaign/index.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 content/shortnotes/subdomailing-campaign/index.md
diff --git a/content/shortnotes/subdomailing-campaign/index.md b/content/shortnotes/subdomailing-campaign/index.md
new file mode 100644
index 0000000..4d2120b
--- /dev/null
+++ b/content/shortnotes/subdomailing-campaign/index.md
@@ -0,0 +1,13 @@
++++
+title = "SubdoMailing Campaign"
+# description = ""
+date = 2024-02-27
+# updated = 2024-02-27
+#draft = true
+[taxonomies]
+tags = ["shortnotes"]
++++
+
+I came across this while reading my RSS feeds this morning: there's a new ad fraud campaign that is using insecure domains from big names like VMware and Marvel. But the interesting thing for me isn't the names attached, but that it seems so simple of an attack: look for outdated and unregistered domains, and use their existing presence in other companies mail records to bypass spam filters.
+
+[Relevant link to Bleeping Computer article](https://www.bleepingcomputer.com/news/security/hijacked-subdomains-of-major-brands-used-in-massive-spam-campaign/)