[Emerging-Sigs] Blackhole served via Yahoo
mcholste at gmail.com
Mon Dec 17 08:57:57 HAST 2012
We saw a kit alert on 184.108.40.206 and 220.127.116.11 with signatures like
Blackhole sig 1:2015487:9. Passive DNS is showing lots of legit sites but
even more malicious DGA-style sites pointing to those IP's, so I'm
wondering if this is a simple matter of abusing Yahoo's hosting, or
something more complicated going on. It's rare for us to see major sites
like Yahoo hosting malicious code (usually it's more like GoDaddy, The
Planet, etc.). Is anyone else seeing hits for these?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs