Abandoned Subdomains from Major Institutions Hijacked for AI-Generated Spam (404media.co)
(Wednesday June 11, 2025 @11:30PM (msmash)
from the digital-parasites dept.)
- Reference: 0178014683
- News link: https://tech.slashdot.org/story/25/06/12/019221/abandoned-subdomains-from-major-institutions-hijacked-for-ai-generated-spam
- Source link: https://www.404media.co/spam-blogs-ai-slop-domains-wowlazy/
A coordinated spam operation has infiltrated abandoned subdomains belonging to major institutions including Nvidia, Stanford University, NPR, and the U.S. government's vaccines.gov site, [1]flooding them with AI-generated content that subsequently appears in search results and Google's AI Overview feature.
The scheme, reports 404 Media, posted over 62,000 articles on Nvidia's events.nsv.nvidia.com subdomain before the company took it offline within two hours of being contacted by reporters. The spam articles, which included explicit gaming content and local business recommendations, used identical layouts and a fake byline called "Ashley" across all compromised sites. Each targeted domain operates under different names -- "AceNet Hub" on Stanford's site, "Form Generation Hub" on NPR, and "Seymore Insights" on vaccines.gov -- but all redirect traffic to a marketing spam page. The operation exploits search engines' trust in institutional domains, with Google's AI Overview already serving the fabricated content as factual information to users searching for local businesses.
[1] https://www.404media.co/spam-blogs-ai-slop-domains-wowlazy/
Something fishy... (Score:2)
How do you abandon a subdomain? Unless an attacker can infiltrate your DNS servers, there's no such thing as an "abandoned" subdomain.
Otherwise insert_random_string_here.microsoft.com would be fair game.
Re: (Score:3)
Replying to myself... oh, OK, they decommissioned the domains, but left the DNS records pointing to IP addresses that were probably on AWS or some other cloud provider, so the attacker (somehow) obtained those IP addresses.
Well, that's just dumb. If you stop using a subdomain, you should unpublish the DNS records first before releasing the IP addresses.
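The failure mode described in the comment above, a DNS record left published after its address was released, can be caught by auditing the zone against an inventory of addresses the organization still holds. This is an added example, not part of the original thread; the zone records, owned ranges and the `find_dangling` helper are constructed for illustration, and CNAME targets are assumed to live in the same zone.

```python
import ipaddress

# Constructed sample data (not from the article): zone records as
# (name, type, value) and the address ranges the organization still holds.
ZONE = [
    ("www.example.org", "A", "192.0.2.10"),
    ("events.example.org", "A", "198.51.100.25"),      # address already released
    ("docs.example.org", "CNAME", "events.example.org"),
    ("mail.example.org", "A", "203.0.113.7"),
    ("old.example.org", "CNAME", "gone.example.org"),  # target has no record
]
OWNED = ["192.0.2.0/28", "203.0.113.7/32"]


def find_dangling(zone, owned_cidrs):
    """Return {name: reason} for names that do not end at an owned address."""
    owned = [ipaddress.ip_network(c) for c in owned_cidrs]
    a_records, cnames = {}, {}
    for name, rtype, value in zone:
        if rtype == "A":
            a_records.setdefault(name, []).append(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            cnames[name] = value

    def resolve(name, seen=()):
        # Follow in-zone CNAME chains; a loop counts as unresolvable.
        if name in seen:
            return None
        if name in cnames:
            return resolve(cnames[name], seen + (name,))
        return a_records.get(name)

    findings = {}
    for name in sorted(set(a_records) | set(cnames)):
        addrs = resolve(name)
        if not addrs:
            findings[name] = "target has no address record"
            continue
        stray = [str(a) for a in addrs if not any(a in net for net in owned)]
        if stray:
            findings[name] = "points at unowned address " + ", ".join(stray)
    return findings


if __name__ == "__main__":
    for name, reason in find_dangling(ZONE, OWNED).items():
        print(f"{name}: {reason}")
```

Run before an address is released, the same check shows which records have to be unpublished first.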
Re: (Score:2)
That is the question.
I can see if they outsourced something and delegated a subdomain and the contract expired and then somehow the spammers got the IPs (hosting farm?) which had been abandoned and set up DNS.
But I've never been able to request a specific IP when setting up a VPS or colo, so it's kinda a mystery to me.
404 should have included the most basic of details.
Re: (Score:2)
Repeat instance creation until you get the IP? I wonder if you could get on the same subnet and then just take the IP as static? I'd hope not for the latter.