  • Thousands of websites affected by nameserver hijack redirecting visitors to malware

    DNS caching causes attack to have a long tail. Yesterday, visitors to thousands of Dutch websites were served an ‘under construction’ page that, through a hidden iframe, was serving the Blackhole exploit kit. The sites were hosted by three hosting companies that share both a parent company and, more importantly in this case, nameservers for…

  • Apache binaries replaced by stealth malicious ones

    Malicious servers opening backdoors, performing redirects. Researchers at ESET and Sucuri have discovered a modified Apache binary that is used on hundreds of web servers to perform malicious redirects and open a backdoor to the server, while going to great lengths to hide its activity. Recently, thousands of websites – most prominently that of the…

  • PayPal spam leads to exploit kit

    Clicking on links leads to Blackhole rather than phishing site. Fake PayPal receipts were being spammed out this morning, with links leading to a version of the Blackhole exploit kit. The emails look like typical PayPal confirmation emails and suggest that funds have been sent from the user’s account. The supposed recipient of these funds…

  • Recently discovered Java vulnerability being added to exploit kit

    Kit ‘patched’ to include latest exploit; users urged to patch their software too. Security researcher and journalist Brian Krebs has found evidence that a recently discovered vulnerability in Java is being added to the ‘BlackHole’ exploit kit. The vulnerability was discovered a few weeks ago and makes use of the Rhino Script Engine to run…