back to article Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers

More than 240 website subdomains belonging to organizations large and small, including household names, were hijacked to redirect netizens to malware, X-rated material, online gambling, and other unexpected content. These big names are said to include Chevron, the Red Cross, UNESCO, 3M, Getty Images, Hawaiian Airlines, Arm, …

  1. tip pc Silver badge

    Just pay for cloud stuff on your card and expense it back

    Then cudgel IT into getting that new cloud thing to work on the corporate DNS.

    Once running the PM’s and contractors run off to the next thing and no one knows about that stink bomb they left behind.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just pay for cloud stuff on your card and expense it back

      My favourite one is where it’s imperative to provide access to something and after intense troubleshooting (questioning) it transpires the solution is hosted externally and the team who had the crap built need to go to some third party they have no relationship with to get them to open access.

  2. Tom 38

    This is an Azure problem

    They could prevent this in so many ways, but they continually allow it to happen to their clients - it would be trivial to fix by maintaining a either a blocklist of previously issued names and/or adding a random/client derived prefix in to these hostnames.

    1. Diogenes8080

      Re: This is an Azure problem

      I agree that MS are doing their customers and their brand no service by failing to police the re-use of old subdomains, but this is equally the fault of customer organisations failing to keep track of their own DNS records.

      1. a_yank_lurker

        Re: This is an Azure problem

        I would blame both the Rejects and the customer. Azure should be designed to account this kind of oversight while the customers should be more careful when they retire subdomains.

    2. Anonymous Coward
      Anonymous Coward

      Re: This is an Azure problem

      MS uses GUIDs everywhere...

  3. GreggS


    would you say it was a copy cat enterprise?

    1. Phil Kingston

      Re: Xerox

      Not sure it's as black and white as that

      1. ovation1357

        Re: Xerox

        P.S. I wonder what the 'photo stats' are like on this subdomain.

    2. ecofeco Silver badge

      Re: Xerox

      Obviously duplicated.

  4. Anonymous Coward
    Anonymous Coward


    "Edwards said, the crooks try to hide their presence once they've hijacked a subdomain, making the root URL show a 404 or "coming soon" message."

    I have seen happening a lot with WordPress sites.

    The root URL will show a "coming soon" or just a shell of a site that looks like it's under construction but is actually a SMTP server sending out spam and phishing emails.

    I am usually very attentive to what goes on with my web browsers URL bar and keep an eye out for multiple redirects and other oddities.

    (like when I went to log into my favorite IT site and noticed it redirected from to .com)

  5. Mike 137 Silver badge

    Resource management

    "when they no longer needed that space, they emptied it out but left the door unlocked for others to sneak in"

    Exclusively down to lack of resource management.


    Sorry to use obscure terminology ...

    1. ecofeco Silver badge

      Re: Resource management


  6. This post has been deleted by its author

  7. SW10

    Just so we’re clear

    Are you saying there are sloppy people out there who don’t clear up after themselves?

    And that there are enterprises who take a “their-problem-not-mine” kind of attitude?

    1. ecofeco Silver badge

      Re: Just so we’re clear

      Shocking innit?

  8. razorfishsl

    Microsoft could fix this by preventing the names from being re-used, perhaps by using a sha512 generated hash, and not allowing reuse.

    once it is spun down.. it generates DNS errors, forcing the IT to clean it up........

  9. ecofeco Silver badge


    Too funny. But I'm not surprised. So much neglect out there ripe for the picking.

  10. Claptrap314 Silver badge

    How is this Azure's fault?

    I don't get this. The cname is entirely the responsibility of the client organization. It's not even clear to me how Azure should police this.

    1. Robert Grant

      Re: How is this Azure's fault?

      Very easy. You can only register domains with a subdomain prefix. So you can't register, only The fact it's a global namespace is shocking.

      1. Claptrap314 Silver badge

        Re: How is this Azure's fault?

        Okay, so you suppose that is permanent? I can see this helping so long as is maintained. If mytentant was in fact some sort of UID, Azure could drop it when the contract ended and NEVER reissue mytenant.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like