Cybercriminals are heavily used in their illegal activities of the Joint European domain .eu, the report said the British antivirus company Sophos. “The number of malicious domains .eu growing. Many malicious domains were registered in November to distribute a set of exploits Blackhole”, – said Fraser Howard, anti-virus specialist Sophos.
Blackhole is a set of Web-based attacks exploits targeted at different browser vulnerabilities and plug-ins, such as Adobe Reader, Flash Player or Java Plug-in to infect users’ computers. The latest wave of attacks recorded by Sophos, cyber criminals attacked randomly selected .eu-domains, trying to place them malicious code. In addition, the attackers use specially registered domains to attack the computers of end users. A significant number of malware .eu-domains have been registered with the Czech Republic.
“The life of such domains is small, each specific to the server name indicates only a short period of time, after which the organizers determine the domain to the new server. Overall, this technique is customary for such an attack, because it makes it difficult to close a particular server and filtering traffic due change IP-addresses “- says Howard.
Confirm these data and the Romanian antivirus company Bitdefender. “In the second half of 2012, we observed an increase in malicious activity in the blast zone .eu. Compared with the first half, we recorded approximately threefold increase in the number of malicious domains. Whereas in January 2012 to share .eu accounted for only 0.53% of the attacks, now 1.40% of them already, “- said Bogdan Botezatu, special antivirus Bitdefender. “Now .eu is the eighth in the list of malicious domains, at the beginning, he was eleventh. Much of the attacks still account for the Russian domain .ru and international.com”.
In “Kaspersky Lab” is also podtverdzhayut this trend, adding media information about the significant growth of malicious activity in the blast zone of India. In. “Both domains (.ru and .in) are in the Top-15 most malicious national domains. Addition, we fix the growth of malicious activity associated with the code Kelihos, in the zone .eu”, – explained in the “Kaspersky Lab”.
In Sophos said that attackers often move from one area to another domain, because the reputation of different domains vary and users are more likely to trust the sites in the area .eu, than in the zones. Cc (Cocos Island) or. Td (Chad) so obvious and interest to more reliable attacking zones.
“Domain .eu is not associated by most people with fraudulent transactions. Moreover, .eu – a pan-European domain and the information here may be either in English or in any other popular language,” – said in Sophos.
European domain registrar Eurid also confirms the growth of fraudulent and malicious activity in the domain .eu, however, notice here that in comparison to other popular domains here malicious activity is still lower.