Numerous .eu Domains Registered To Host BlackHole Exploit Kit

November 23, 2012 By Ali Loney


Softpedia – (International) Numerous .eu domains registered to host BlackHole exploit kit. Security researchers from Sophos reveal that a number of malicious .eu domains have been registered by cybercriminals and set up to host the infamous BlackHole exploit kit. In order to avoid security filtering, cybercrooks have registered several domains, which they use to infect the computers of unsuspecting internet users. After closely analyzing the domains, experts have noticed that they all resolve to the IP address of a server located in the Czech Republic. The server hosts over 100 domains utilized as exploit sites and gateways for adult Web sites. The cybercriminals seem to have a clever method of keeping their operations online. This month they registered domains such as nrxpxq.eu, vjtjpy.eu, xzjvhs.eu, or xipuww.eu, while a few months ago they registered domains under the .in Top Level Domain (TLD). Each of the domains is active only for a short period of time and all their names appear to follow this pattern of 6 random characters. One connection between the domains appears to be Finland. The .in domains were all registered by someone apparently from Finland and the .eu registrant’s language was set to Finnish.

Source: http://news.softpedia.com/news/Numerous-eu-Domains-Registered-to-Host-BlackHole-Exploit-Kit-309360.shtml
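
The two traits reported above (six-letter random labels under .eu or .in, all resolving to one server) can be turned into a simple resolver-log check. The following is an added example, not code from Sophos or Softpedia; the vowel-ratio heuristic, the cluster threshold, the function names and the sample IP addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Shape reported in the article: a 6-letter label directly under .eu or .in.
SHAPE = re.compile(r"^([a-z]{6})\.(eu|in)$")
VOWELS = set("aeiou")

def looks_random(domain):
    """True if the domain has the article's shape and a vowel-poor label."""
    m = SHAPE.match(domain.lower().rstrip("."))
    if not m:
        return False
    label = m.group(1)
    # Assumed heuristic: at most one third of the letters are vowels.
    return sum(c in VOWELS for c in label) * 3 <= len(label)

def suspicious_clusters(records, min_domains=3):
    """Group matching domains by resolved IP; return IPs with >= min_domains."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        if looks_random(domain):
            by_ip[ip].add(domain.lower().rstrip("."))
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}

# Constructed sample resolver log (domain, answer). The four .eu names are the
# ones quoted in the article; IPs are RFC 5737 documentation addresses.
SAMPLE = [
    ("nrxpxq.eu", "192.0.2.10"),
    ("vjtjpy.eu", "192.0.2.10"),
    ("xzjvhs.eu", "192.0.2.10"),
    ("xipuww.eu", "192.0.2.10"),
    ("NRXPXQ.eu.", "192.0.2.10"),   # duplicate, different case / trailing dot
    ("google.eu", "192.0.2.10"),    # right shape, but vowel-rich
    ("berlin.eu", "198.51.100.7"),  # passes the label test, but alone on its IP
    ("www.example.eu", "192.0.2.10"),
]

if __name__ == "__main__":
    for ip, domains in suspicious_clusters(SAMPLE).items():
        print(ip, domains)
```

The label test alone matches ordinary six-letter names, so the per-IP cluster threshold is what keeps false positives down; tune `min_domains` to the volume of the log being searched.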

Tags: security, AppSec Spotlight
