Monday, June 13, 2011

178.18.243.219 serving Blackhole exploit kit

Malwaredomainlist shows that multiple domains using the IP "178.18.243.219" were found to be serving the Blackhole exploit kit. Further analysis confirmed that malicious content is being distributed through these domains.

Some of the domains are: baooe1.com, smrbr0.com, erdvjn1.com, sgsge3.com, smrbr3.com, ...

The common pattern in the URIs: "/index.php?tp=8db1a050f929d8da"

Most of the URLs are still alive and serving heavily obfuscated content that targets multiple vulnerabilities present in Adobe PDF and Java. More information can be found in a blog post by Umesh. A Whois lookup on the IP shows that around 98 domains are using "178.18.243.219".
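The indicators above (the IP, the listed domains and the URI pattern) can be checked against web proxy logs. The following is an added example, not part of the original post: the log format, the sample lines and the looser "uri-like" rule (any 16-hex-digit `tp` value) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the post.
BAD_IP = "178.18.243.219"
BAD_DOMAINS = {"baooe1.com", "smrbr0.com", "erdvjn1.com", "sgsge3.com", "smrbr3.com"}
TP_VALUE = "8db1a050f929d8da"
# Assumption: other URLs on this kit may carry a different 16-hex-digit tp value.
TP_LIKE = re.compile(r"[0-9a-f]{16}")

# Constructed sample lines in an assumed format: "<client> <dest_ip> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 178.18.243.219 GET http://baooe1.com/index.php?tp=8db1a050f929d8da
10.0.0.7 203.0.113.10 GET http://example.org/index.php?tp=8db1a050f929d8da
10.0.0.8 178.18.243.219 GET http://unlisted.example/main.php
10.0.0.9 198.51.100.4 GET http://example.net/index.php?tp=0123456789abcdef
10.0.0.9 198.51.100.4 GET http://example.net/index.php?page=2
"""

def classify(line):
    """Return (client, url, reasons) for one log line; reasons is empty if clean."""
    client, dest_ip, _method, url = line.split(None, 3)
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    tp = parse_qs(parts.query).get("tp", [""])[0].lower()
    reasons = []
    if dest_ip == BAD_IP:
        reasons.append("dest-ip")  # catches domains on the IP that are not listed
    if host in BAD_DOMAINS or any(host.endswith("." + d) for d in BAD_DOMAINS):
        reasons.append("domain")
    if parts.path == "/index.php":
        if tp == TP_VALUE:
            reasons.append("uri-exact")
        elif TP_LIKE.fullmatch(tp):
            reasons.append("uri-like")  # weaker signal, needs analyst review
    return client, url, reasons

def scan(log_text):
    """Return every log entry that matched at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        if len(line.split(None, 3)) != 4:
            continue  # skip malformed lines
        client, url, reasons = classify(line)
        if reasons:
            hits.append((client, url, reasons))
    return hits

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, ",".join(reasons), url)
```

Matching on the destination IP as well as the domain list matters here because only a handful of the roughly 98 domains on the IP are named in the post.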

Pradeep
