Thursday 9 October 2014

Nuclear EK active on

It looks like the Nuclear exploit kit is active on (Linode, UK), using hijacked subdomains of legitimate domains that use AFRAID.ORG nameservers. I can see the following sites active on that IP:


"fuhloizle" is a pretty distinctive search string to look for in your logs. It looks like the bad sites might be down at the moment (or the kit is hardened against analysis), but blocking this IP address as a precaution might be a good idea.
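One way to run that log search, as an added example that is not part of the original post: it pulls hostname-like tokens out of proxy or DNS log lines, flags any that contain the string, and groups them by parent domain so you can see which legitimate domains had subdomains hijacked. The log lines, hostnames and client addresses below are constructed, and the assumption is that the string shows up in the hostname.

```python
import re
from collections import defaultdict

MARKER = "fuhloizle"  # search string given in the post

# Hostname-like tokens anywhere in a line (URL, Host header, DNS query name).
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)


def parent_domain(host):
    # Naive: last two labels. Wrong for suffixes such as co.uk, fine for triage.
    return ".".join(host.split(".")[-2:])


def find_hits(lines, marker=MARKER):
    """Return {parent_domain: {hostname: [line numbers]}} for hosts containing marker."""
    hits = defaultdict(lambda: defaultdict(list))
    for n, line in enumerate(lines, 1):
        # Set: count each hostname once per line; lower(): DNS names are case-insensitive.
        for host in {h.lower() for h in HOST_RE.findall(line)}:
            if marker in host:
                hits[parent_domain(host)][host].append(n)
    return {parent: dict(hosts) for parent, hosts in hits.items()}


# Constructed sample lines (documentation domains and addresses, not real indicators).
SAMPLE = [
    "2014-10-09T10:00:01Z 192.0.2.10 GET http://www.example.com/ 200",
    "2014-10-09T10:00:02Z 192.0.2.10 GET http://fuhloizle.shop.example.org/a.html 200",
    "2014-10-09T10:00:03Z 192.0.2.11 query: FUHLOIZLE.Example.NET. IN A",
    "2014-10-09T10:00:04Z 192.0.2.10 GET http://fuhloizle.shop.example.org/b.html 200",
]

if __name__ == "__main__":
    for parent, hosts in sorted(find_hits(SAMPLE).items()):
        print(parent)
        for host, line_numbers in sorted(hosts.items()):
            print(f"  {host}  lines {line_numbers}")
```

Any parent domain it reports that belongs to you or a customer is worth checking for unexpected DNS records at the provider.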

