Some bad act hackers always came up with new ways or trick to get the victim for their malicious activity. And this time also they have made a new way to spread their malicious application over the internet.
The Angler exploit is one of the most effective exploit kit available in the underground forums. Developer of the exploit, continuously updating the kit with the new exploits in order to make it more effective.
when a users view a malicious advertisement is redirected to one of the hacked subdomains hosted by GoDaddy, which delivers the Angler exploit kit or redirects to victims to other malicious website managed by the criminal crew.
Cisco security expert discovered a new technique dubbed Domain Shadowing consisting in the creation of thousand subdomains used to spread the Angler exploit kit. Hackers hacking legitimate domain name account registered with Godaddy in order to infect visitors with malware, the hackers are using the accounts to create subdomains that direct unaware visitors to websites hosting Angler exploit.
when a users view a malicious advertisement is redirected to one of the hacked subdomains hosted by GoDaddy, which delivers the Angler exploit kit or redirects to victims to other malicious website managed by the criminal crew.
On the blog post Nick Biasini of Cisco System wrote -
With a new technique called "Domain Shadowing", hackers are serving the Angler exploit through the hundreds of sub-domains. Domain shadowing is the process of using users domain registration logins to create subdomains. This is an increasingly effective attack vector since most individuals don’t monitor their domain registrant accounts regularly. These accounts are typically compromised through phishing.”
Hackers are mainly targeting Godaddy domains as Godaddy is one of the most popular domain registrar. Hackers mainly use Phishing Attack technique to hacked the login credentials of the domain accounts.