The cybercriminals are using a server located in the Czech Republic

Nov 23, 2012 20:01 GMT

Security researchers from Sophos reveal that a number of malicious .eu domains have been registered by cybercriminals and set up to host the infamous BlackHole exploit kit.

In order to avoid security filtering, cybercrooks have registered several domains, which they use to infect the computers of unsuspecting internauts.

After closely analyzing the domains, experts have noticed that they all resolve to the IP address of a server located in the Czech Republic. The server hosts over 100 domains utilized as exploit sites and gateways for adult websites.

These cybercriminals seem to have a clever method of keeping their operations online. This month they have registered domains such as nrxpxq.eu, vjtjpy.eu, xzjvhs.eu or xipuww.eu, while a few months ago they registered domains under the .in TLD.

Each of the domains is active for only a short period of time, and all their names appear to follow the same pattern of 6 random characters.
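The two traits described above (six-character random names, all resolving to one server) can be turned into a simple hunting rule over passive-DNS or resolver logs. The following is an added example, not code from Sophos or the article; the sample records, the documentation-range IP addresses, the thresholds and the rare-letter heuristic are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed passive-DNS rows (domain, resolved IP). Only the four names on
# 192.0.2.10 come from the article; every IP is a documentation address.
SAMPLE_RECORDS = [
    ("nrxpxq.eu", "192.0.2.10"), ("vjtjpy.eu", "192.0.2.10"),
    ("xzjvhs.eu", "192.0.2.10"), ("xipuww.eu", "192.0.2.10"),
    ("travel.in", "198.51.100.7"), ("market.eu", "198.51.100.7"),
    ("garden.eu", "198.51.100.7"), ("studio.eu", "198.51.100.7"),
    ("www.example.com", "203.0.113.5"), ("Shop42.eu", "203.0.113.5"),
]

# Exactly six letters directly under .eu or .in, as described in the article.
PATTERN = re.compile(r"^([a-z]{6})\.(?:eu|in)$")
# Assumption: these letters are rare in real words (about 5% of English text)
# but make up 7/26 (about 27%) of uniformly random letters.
RARE = set("jkqvwxz")

def rare_share(labels):
    """Fraction of characters across all labels that are rare letters."""
    total = sum(len(label) for label in labels)
    return sum(c in RARE for label in labels for c in label) / total

def suspicious_clusters(records, min_domains=4, min_rare_share=0.15):
    """Return {ip: sorted labels} for IPs hosting many random-looking names."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        m = PATTERN.match(domain.strip().lower().rstrip("."))
        if m:
            by_ip[ip].add(m.group(1))
    return {
        ip: sorted(labels)
        for ip, labels in by_ip.items()
        # Score the whole cluster: a single label is too short to judge.
        if len(labels) >= min_domains and rare_share(labels) >= min_rare_share
    }

if __name__ == "__main__":
    for ip, labels in suspicious_clusters(SAMPLE_RECORDS).items():
        print(ip, labels)
```

Scoring the cluster rather than each name keeps an ordinary shared-hosting address with dictionary-word domains (the constructed 198.51.100.7 rows) from being flagged on the six-letter pattern alone.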

One interesting connection between all these domains appears to be Finland. The .in domains were all registered by someone apparently from Finland and the .eu registrant’s language was set to Finnish.