Malaysian Research & Education Network Serving BlackHole

Posted: October 20th, 2012 | Filed under: IT Related

It’s been a while since the last update. What a busy few weeks.

I’ve subscribed to MalwareDomainList’s RSS feed and recently I’ve found a couple of entries for the BlackHole Exploit Kit hosted in Malaysia. I’ve performed a quick analysis of the domains and found that they are confirmed to be serving BlackHole Exploit Kit v2.0.

And as for the detection rate in VirusTotal: 4/44

I’ve done a quick analysis of the IP using robtex and hostmap; there are 12 (or more) .RU domains associated with the IP. Most of the domains have multiple A records in DNS. 2 of the IPs are in the US, and 1 is in the Malaysian Research & Education Network.
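The pivot described above (from one IP to the domains pointing at it, then to the other A records those domains hold), as an added example that is not from the original post. The records, the prefix-to-network table and the function names are constructed for illustration; real input would come from passive DNS and whois lookups.

```python
import ipaddress
from collections import defaultdict

# Constructed "name TTL IN A address" records; not data from the post.
SAMPLE_RECORDS = """\
alpha.example.ru. 300 IN A 203.0.113.10
alpha.example.ru. 300 IN A 192.0.2.21
alpha.example.ru. 300 IN A 198.51.100.7
bravo.example.ru. 300 IN A 203.0.113.10
bravo.example.ru. 300 IN A 192.0.2.21
charlie.example.ru. 300 IN A 203.0.113.10
delta.example.com. 300 IN A 198.51.100.99
"""

# Constructed prefix-to-network labels standing in for a whois/ASN lookup.
NETWORKS = {
    "203.0.113.0/24": "NET-A (seed network)",
    "192.0.2.0/24": "NET-B",
    "198.51.100.0/24": "NET-C",
}

def parse_a_records(text):
    """Return {domain: set of IPv4 addresses} from A-record lines."""
    by_domain = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2:4] == ["IN", "A"]:
            by_domain[f[0].rstrip(".").lower()].add(ipaddress.ip_address(f[4]))
    return dict(by_domain)

def label(ip):
    """Map an address to its network label, or 'unknown'."""
    for prefix, name in NETWORKS.items():
        if ip in ipaddress.ip_network(prefix):
            return name
    return "unknown"

def pivot(seed, by_domain):
    """Domains on the seed IP, those with multiple A records, and the
    networks that all of their addresses fall into."""
    seed_ip = ipaddress.ip_address(seed)
    cohosted = {d: ips for d, ips in by_domain.items() if seed_ip in ips}
    multi_a = sorted(d for d, ips in cohosted.items() if len(ips) > 1)
    networks = defaultdict(set)
    for ips in cohosted.values():
        for ip in ips:
            networks[label(ip)].add(str(ip))
    return sorted(cohosted), multi_a, {k: sorted(v) for k, v in networks.items()}

if __name__ == "__main__":
    print(*pivot("203.0.113.10", parse_a_records(SAMPLE_RECORDS)), sep="\n")
```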


