Researcher finds 670 Microsoft subdomains vulnerable to takeover

Years after it was first identified as a possibility, researchers have found it’s still child’s play to hijack subdomains from companies such as Microsoft to use in phishing and malware attacks.

Researchers at Vullnerability.com were able to grab more than 670 subdomains that had previously been used by Microsoft but subsequently forgotten about, including:

  • identityhelp.microsoft.com
  • mybrowser.microsoft.com
  • web.visualstudio.com / webeditor.visualstudio.com
  • data.teams.microsoft.com
  • sxt.cdn.skype.com
  • download.collaborate.microsoft.com
  • incidentgraph.microsoft.com
  • admin.recognition.microsoft.com

And many others, all of which look like the sort of legitimate subdomains users (including Microsoft employees), would be inclined to trust if lured to them by a phishing attack.

Read more in

Hostile Subdomain Takeover using Heroku/Github/Desk + more

Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, and affects at least 17 large service providers and multiple domains are affected. Find out if you are one of them by using our quick tool, or go through your DNS-entries and remove all which are active and unused OR pointing to External Services which you do not use anymore.

http://labsdetectify.wpengine.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/



Categories: Cyber Security, domain privacy, domain register privacy

Tags: ,

2 replies

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.