Drive-by attack relies on hacked GoDaddy accounts
Hundreds of hacked domain name accounts registered through GoDaddy are being used as part of a highly effective campaign using the Angler exploit kit to infect computers with malware.
The attackers are using the accounts to create subdomains that shuttle Web surfers to websites hosting Angler, wrote Nick Biasini, an outreach engineer with Cisco Systems.
The owners of the accounts are usually unaware of the activity, which Cisco calls “domain shadowing,” since they may rarely log into their accounts. Hundreds of GoDaddy accounts that have several thousand domain names assigned to them have been compromised, Biasini wrote.