14 DAY TRIAL // A few hours ago, PC Web Plus reported that the website of the popular Dutch online electronics shop Conrad.nl was serving malware. Experts say that Conrad.nl is not the only site that exhibits this behavior.
Yonathan Klijnsma, a security specialist at Dutch IT-Security company Fox-IT, says that hundreds of websites that use DNS from Netherlands-based hosting provider Webstekker also redirect visitors to malware.
According to the expert, the sites host the BlackHole exploit kit, which leverages vulnerabilities in Java and Adobe Reader to push malware. Once it’s installed on a computer, the malware communicates via the TOR Network.
Conrad.nl has been taken down. The company’s representatives say they’re working with their hosting provider on addressing a DNS server issue.
At this point, Webstekker hasn’t released any announcement on the issue, but since they’ve been contacted by at least one of their impacted customers, it’s possible that they’re working on addressing the problem.
Update. Additional details on this attack are available here.