
Wednesday 12 February 2014

Malware (Neutrino EK?) sites to block 12/2/14

The following IPs and domains appear to be in use for spreading exploit kits via injection attacks - 108.178.7.118 (Singlehop, US) [1] [2] and 212.83.164.87 (Online SAS, France) [3] [4]. The payload isn't clear, but some of the URLquery reports indicate Neutrino.

In the case I saw, the victim was directed to the EK from a compromised site at greetingstext.com. I cannot reproduce the problem with URLquery or any other tool, but log files do not lie.

I would recommend that you block the following IPs and domains as a precaution:

