Malware makers migrate to ‘ce.ms’ domains after Google purge

After being thwarted by Google earlier this year, cybercriminals have shifted from “co.cc” to “ce.ms” as their preferred domains for hosting their malware.

Security firm ZScaler noticed several “ce.ms” domains were hosting malicious code, along with JavaScript code obfuscated to evade antivirus software.

“Attackers keep registering different random domains to spread their attacks, often targeting free registration services. Due to obfuscation used by the attackers, security solutions relying on regular expressions designed to match known patterns can often be evaded due to the code being spread over numerous lines,” it said in a blog post.
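The evasion ZScaler describes can be reproduced from the defender's side. This is an added example, not code from ZScaler or the article: the signature, function names and sample scripts are constructed for illustration, and only the two suffixes come from the article. It shows a line-by-line signature missing a script whose tokens are spread over several lines, a whitespace-tolerant scan of the whole buffer catching it, and referenced hosts under the bulk-registration suffixes being extracted as a separate signal.

```python
import re
from urllib.parse import urlsplit

# Suffixes named in the article; a real deployment would load a maintained list.
BULK_SUFFIXES = ("co.cc", "ce.ms")

# Constructed signature: script that writes an iframe into the page.
LINE_SIG = re.compile(r"document\.write\(['\"]<iframe", re.I)
# Same signature, tolerant of whitespace and line breaks between tokens.
FLEX_SIG = re.compile(r"document\s*\.\s*write\s*\(\s*['\"]\s*<\s*iframe", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)

def line_scan(script):
    """Naive scanner: test each line on its own against the literal pattern."""
    return any(LINE_SIG.search(line) for line in script.splitlines())

def buffer_scan(script):
    """Scan the whole buffer; \\s* lets the match cross line breaks."""
    return FLEX_SIG.search(script) is not None

def bulk_hosts(script):
    """Hosts referenced by the script that sit under a bulk-registration suffix."""
    hosts = set()
    for url in URL_RE.findall(script):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if any(host.endswith("." + suffix) for suffix in BULK_SUFFIXES):
            hosts.add(host)
    return sorted(hosts)

def verdict(script):
    """Combine both signals; the suffix alone is a hint, not proof of malice."""
    return {"line_scan": line_scan(script),
            "buffer_scan": buffer_scan(script),
            "bulk_hosts": bulk_hosts(script)}

# Constructed samples (hostnames are placeholders, not observed indicators).
ONE_LINE = ("document.write('<iframe src=\"http://constructed-sample-1.co.cc/x\" "
            "width=\"0\"></iframe>');")
SPLIT = """document
  .write(
    '<iframe src="http://constructed-sample-2.ce.ms/x" width="0"></iframe>'
  );"""
BENIGN = 'var home = "https://www.example.org/"; document.title = "news";'

if __name__ == "__main__":
    for name, sample in (("one_line", ONE_LINE), ("split", SPLIT), ("benign", BENIGN)):
        print(name, verdict(sample))
```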

Sunbelt Software noted the “ce.ms” domains indicate the host is in Montserrat, an island in the West Indies.

It noted many complaints about getting fake antivirus programs from such sites.

“Of course, not all websites using free domains are malicious, but they are popular with those looking to infect your PC so please be careful if you see a suspicious looking URL combined with a free domain or you may end up with more than you bargained for,” it advised.

Last June, Google started flagging bulk “co.cc” domains after noting many of them hosted malware.

Google said subdomains are often registered by the thousands at one time and are used to distribute malware and fake anti-virus products on the Web.

“In some cases our malware scanners have found more than 50,000 malware domains from a single bulk provider,” it said. — TJD, GMA News

Article source: http://ph.news.yahoo.com/malware-makers-migrate-ce-ms-domains-google-purge-081204695.html
