A method of hijacking abandoned subdomains from well-know businesses and using the "trusted authority" to get away with sending millions of emails a day in an ad fraud campaign. This trust helps the bad actors get past spam filters using various techniques. 8,000 legitimate internet domains and 13,000 subdomains are used in the program.

Some notable brands that fell victim to this domain hijacking campaign include MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PWC, Pearson, Better Business Bureau, Unicef, ACLU, Symantec, Java.net, Marvel, and eBay.

[bleepingcomputer.com...]