[Emerging-Sigs] Blackhole served via Yahoo

Martin Holste mcholste at gmail.com
Mon Dec 17 08:57:57 HAST 2012

We saw a kit alert on and with signatures like
Blackhole sig 1:2015487:9.  Passive DNS is showing lots of legit sites but
even more malicious DGA-style sites pointing to those IP's, so I'm
wondering if this is a simple matter of abusing Yahoo's hosting, or
something more complicated going on.  It's rare for us to see major sites
like Yahoo hosting malicious code (usually it's more like GoDaddy, The
Planet, etc.).  Is anyone else seeing hits for these?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121217/153ad9ac/attachment.html>

More information about the Emerging-sigs mailing list