Softpedia – (International) Numerous .eu domains registered to host BlackHole exploit kit. Security researchers from Sophos reveal that a number of malicious .eu domains have been registered by cybercriminals and set up to host the - 11 - infamous BlackHole exploit kit. In order to avoid security filtering, cybercrooks have registered several domains, which they use to infect the computers of unsuspecting internauts. After closely analyzing the domains, experts have noticed that they all resolve to the IP address of a server located in the Czech Republic. The server hosts over 100 domains utilized as exploit sites and gateways for adult Web sites. The cybercriminals seem to have a clever method of keeping their operations online. This month they registered domains such as nrxpxq.eu, vjtjpy.eu, xzjvhs.eu, or xipuww.eu, while a few months ago they registered domains hosted on the .in Top Level Domain (TLD). Each of the domains is active only for a short period of time and all their names appear to follow this pattern of 6 random characters. One connection between the domains appears to be Finland. The .in domains were all registered by someone apparently from Finland and the .eu registrant’s language was set to Finnish.
Ali Loney, on November 23, 2012