Cybercriminals are increasingly using .eu domain names in their attack campaigns, according to data from multiple security companies.
“Numerous malicious .eu domains have been registered during November which are being used to infect PCs with malware via the Blackhole exploit kit,” said Fraser Howard, principal virus researcher at security vendor Sophos, in a blog post on Thursday.
Blackhole is a Web-based attack toolkit that uses exploits for vulnerabilities in browser plug-ins like Adobe Reader, Flash Player or Java, to infect computers with malware.
In the attack seen by Sophos, cybercriminals hosted their Blackhole attack pages on random-looking domain names with the .eu extension, all pointing to a known malicious server located in the Czech Republic.
“They are short-lived; the names only resolve to the target server for a brief period before the attackers move on to the next,” Howard said. “This type of tactic is pretty common, used by many threats in their attempts to evade security filtering.”
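The pattern described above (many .eu names, each resolving only briefly, all answering with the same address) can be hunted for in passive-DNS or resolver logs. The following is an added example, not code from Sophos or the article; the record layout, the thresholds, and the sample names, dates and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed passive-DNS observations: (time seen, queried name, A record answer).
# Names and dates are made up for illustration, not real indicators;
# the IP addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    ("2020-01-20T08:00", "qhzkvtpw.eu", "192.0.2.10"),
    ("2020-01-20T09:30", "qhzkvtpw.eu", "192.0.2.10"),
    ("2020-01-20T10:00", "mxrbjcdy.eu", "192.0.2.10"),
    ("2020-01-20T11:15", "mxrbjcdy.eu", "192.0.2.10"),
    ("2020-01-20T12:00", "wfgnzlsa.eu", "192.0.2.10"),
    ("2020-01-20T12:40", "wfgnzlsa.eu", "192.0.2.10"),
    ("2020-01-01T08:00", "shop-example.eu", "198.51.100.7"),   # long-lived name
    ("2020-01-20T08:00", "shop-example.eu", "198.51.100.7"),
    ("2020-01-20T08:05", "portal-example.com", "192.0.2.10"),  # other TLD, ignored
]


def churn_by_ip(records, tld=".eu", max_lifetime=timedelta(hours=6), min_domains=3):
    """Return {ip: sorted names} for IPs answered by many short-lived names in `tld`."""
    seen = {}  # (ip, name) -> [first_seen, last_seen]
    for ts, name, ip in records:
        name = name.lower().rstrip(".")
        if not name.endswith(tld):
            continue
        when = datetime.fromisoformat(ts)
        span = seen.setdefault((ip, name), [when, when])
        span[0], span[1] = min(span[0], when), max(span[1], when)

    brief = defaultdict(set)
    for (ip, name), (first, last) in seen.items():
        # A name counts as short-lived if it pointed at this IP only briefly.
        if last - first <= max_lifetime:
            brief[ip].add(name)

    # Flag only IPs that sit behind several distinct short-lived names.
    return {ip: sorted(names) for ip, names in brief.items() if len(names) >= min_domains}


if __name__ == "__main__":
    for ip, names in churn_by_ip(SAMPLE).items():
        print(f"{ip}: {len(names)} short-lived names -> {', '.join(names)}")
```

Shared hosting and CDN addresses can also sit behind many names, so a hit is a lead for review rather than a verdict; tune the lifetime and count thresholds to the log source.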