Google Online Security team today revealed that their malware scanners systems have detected “more than 50,000 malware domains from a single bulk domain provider.”
“Bulk subdomain providers register a domain name, like example.com, and then sell subdomains of this domain name, like subdomain.example.com.” “Subdomains are often registered by the thousands at one time and are used for spamming, to distribute malware, and fake anti-virus products on the web.”
Google says that over the past few months a number of bulk subdomain providers becoming targets of abuse by malware distributors. “To help protect users we recently modified those systems to identify bulk subdomain services which’re being abused. In some severe cases our systems may now flag the whole bulk domain.”
“If you’re the owner of a website hosted in a bulk subdomain service, please consider contacting your bulk subdomain provider if Google SafeBrowsing shows a warning for your site. The top-level bulk subdomain may be a target of abuse,” Google stated.
Google advises that bulk subdomain service providers may use Google’s tools to help identify and disable abusive subdomains and accounts:
- Webmaster Tools lets webmasters find examples of URLs under their domains that may be distributing malware.
- Google Safe Browsing Alerts for Network Administrators allows owners of Autonomous Systems to get notifications for hosts that are involved in malware delivery.
[Source: Google Online Security Blog]