Cybercriminals will always come up with new ways to deploy an exploit kit

Oct 28, 2011 06:35 GMT

Cybercriminals have lately been replacing 'tk' and 'co.tv' domains with 'ce.ms' domains that are set up to host cleverly designed malicious websites.

Researchers at Zscaler have recently discovered many of these domains, all of them set up to launch attacks using obfuscated JavaScript code.

Among the examples identified were 27glshegbslijels.ce.ms, hhhjjjjj111111.ce.ms and 00000000000000.ce.ms.

As you can see, the domain names are probably randomly generated, which suggests that many of them have been prepared to launch attacks on the devices of unsuspecting internet users.

Unfortunately for us, the code on these websites is obfuscated so that it evades detection by security products. The method itself is not very sophisticated, but the way it is used is very well conceived.

To make sure their plots remain undetected, the masterminds behind these rogue domains spread the numbers contained in arrays across separate lines, producing large HTML files that in many cases are not identified as harmful.
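A defender-side heuristic for the layout described above, as an added example that is not code from Zscaler or from the article: it extracts inline scripts, counts lines that hold only a small integer, and shows that a run-of-numbers signature only matches once whitespace is collapsed. The function names, thresholds and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

NUM_LINE = re.compile(r"^\s*\d{1,3}\s*,?\s*$")  # line holding one small integer
NUM_RUN = re.compile(r"(?:\d{1,3},){50,}")      # naive same-line array signature

class ScriptExtractor(HTMLParser):
    """Collects the text of every inline <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.scripts[-1] += data

def score_script(body, min_lines=50, min_ratio=0.8):
    """Flag scripts that are mostly one-number-per-line array data (assumed thresholds)."""
    lines = [l for l in body.splitlines() if l.strip()]
    numeric = sum(1 for l in lines if NUM_LINE.match(l))
    ratio = numeric / len(lines) if lines else 0.0
    collapsed = re.sub(r"\s+", "", body)  # undo the line spreading before matching
    return {
        "numeric_lines": numeric,
        "ratio": round(ratio, 2),
        "raw_signature_hit": bool(NUM_RUN.search(body)),
        "collapsed_signature_hit": bool(NUM_RUN.search(collapsed)),
        "suspicious": bool(NUM_RUN.search(collapsed)) and numeric >= min_lines and ratio >= min_ratio,
    }

def scan_html(html):
    parser = ScriptExtractor()
    parser.feed(html)
    return [score_script(s) for s in parser.scripts]

# Constructed sample: one ordinary script and one 200-element array, one number per line.
_values = [(i * 7) % 120 + 1 for i in range(200)]  # harmless filler numbers
SAMPLE_HTML = (
    "<html><body><script>var sizes = [10, 20, 30];</script>\n"
    "<script>\nvar a = [\n" + ",\n".join(map(str, _values)) + "\n];\n</script></body></html>"
)

if __name__ == "__main__":
    print(scan_html(SAMPLE_HTML))
```

A hit is a triage signal only, since legitimate pages can also embed large numeric tables.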

In fact, once the strange code is decoded, it turns out to be a variant of the Blackhole exploit kit, which takes advantage of all common vulnerabilities.

It looks as though attackers will remain original and always succeed in coming up with ways of evading security solutions. Not even intrusion prevention systems or intrusion detection systems are a match for these types of threats.

Because these domains are free and their registrar has a hard time blocking all the malicious websites, the hackers manage to get away clean with their evil operations.

Also, don't be fooled by the strange names of the domains, as they can easily be masked with a legitimate-looking link.

Your best option to stay protected is to make sure that all the components of your operating system are up to date.