Clients of Namecheap, a large domain registrar that is accredited by ICANN and is also a hosting company, faced serious problems. The first one to discover the issue was Kirk McElhearn, the owner of kirkville.com, when he received a notification from Google that three subdomains of his website are spreading spam or malware. McElhearn was extremely surprised as he didn't create these subdomains himself and they didn't show on his administrative panel.
He contacted technical support and Namecheap answered that there was a configuration error of the DNS server. The error is very serious: it turned out that it allowed users that had an account on Namecheap to create subdomains on other clients' websites without their consent. In addition, the owner of the original domain couldn't detect or delete them. Obviously, unknown criminals couldn't pass this opportunity of spreading spam and malware literally “at someone else’s expense”.
Namecheap assured that the error affected only an insignificant part of clients and they promised to take all measures to solve the problem as quickly as possible, reports The Register.
