Gaining unauthorized control of a high profile domain can disrupt or severely impact the business and operations of the registrant, as well as the associated owners and companies. But what if a small mistake by a domain owner put millions of URLs at risk of being abused for malicious purposes. Something similar happened with Google’s Blogspot domain.
Google no longer the owner of blogspot.in
In early June, Google let the registration of a country-specific domain (blogspot.in) lapse, a part of Google-owned Blogger, formerly Blogspot. As a result, Google lost ownership over the domain.
The lapse in registration caused 4.4 million URLs and associated permalinks in the Google search results to become inaccessible to many users in India as the domain was no longer responding to requests.
On June 24, a shared hosting provider, based out of India, named domainming.com, purchased the domain. Later, the domain was posted for sale on the Sedo domain marketplace for $5,999.
Any threat actor could purchase this highly active domain and use it to spread malware, scams, perform blackhat SEO, or any other possible malicious activity.
Other abuse incidents with Blogspot
Blogspot domain has also been previously abused by some threat actors in their targeted attack campaigns. Palo Alto Networks discovered an attack campaign named ‘Aggah’ in March 2019, targeting organizations in a Middle Eastern country.
In January 2020, the Aggah group was seen abusing BlogSpot to infect some Italian companies operating in the retail sector with the LokiBot variant.
In the same month, the Aggah campaign built a custom stager implant based on legitimate third-party services such as Blogspot to run its botnet without renting a server and to manage the infected hosts.
Immediate solution?
While Google can reclaim the domain, it can resolve user issues by setting a redirect on the domain that would point blog visitors to the content they’re looking for using a different domain.