Cyber-criminals choosing Non-chargeable “ce.ms” Domains, Reports Zscaler

Cyber-criminals have migrated to "ce.ms" domains away from "co.cc" and hosting malware on them following Google's act of thwarting the co.cc domains, Zscaler the security company observes.

Indeed, Zscaler spotted several ce.ms domains that were abusing different familiar client-side security flaws.

Utilizing randomly named domain names, the crooks have inserted confusing JavaScript malware into them a few of which include "hxxp://hhhjjjjj111111.ce.ms/main.php?page=423b262d0a1a9f70" and "hxxp://27glshegbslijels.ce.ms/main.php?page=66c6ce3c7bc4b20c," say.

The above names of domains indicate that cyber-criminals are registering arbitrary domains for hosting assaults. Victims who'd visit them are likely to find obfuscated JavaScript that's so created that it'll bypass anti-viruses, IPS and IDS.

The scripts, which use arrays, have numbers that are deliberately disseminated over different lines. Like this, the HTML file's size becomes massive, while the entire JavaScript malware spreads across 29K lines.

On decoding this malware, it has been found having an association with the Blackhole malware toolkit that abuses several different client-side flaws.

During June 2011, Google began labeling mass "co.cc" domains when it noticed several of them supporting malicious software. The company stated that often thousands of sub-domains were registered simultaneously as also utilized for disseminating scareware or other malware.

Zscaler noted that certainly, all websites that were hosted on free domains weren't necessarily malevolent; however, they were largely acceptable to people seeking for contaminating others' computers. The company therefore advised users to maintain caution incase they saw a dubious appearing web address which had a freely available domain name, to remain protected.

Cyber-crooks go on adopting various arbitrary domains for waging assaults, frequently using free registration facilities. In the current case, they've used obfuscation therefore security software dependent on standard names developed to be similar as familiar patterns may frequently get eluded because of the JavaScript malware getting disseminated across many lines.

Cyber-criminals will keep on exploiting the widely acceptable free domains. With Microsoft withdrawing the lawsuit against the domain provider of botnet Kelihos and the service acquiescing for joint task with the organization for devising as also enforcing best practices for stopping non-chargeable sub-domains' exploitation, one can hope the knowledge emerging from the joint-task will spread to more free domain suppliers.

Related article: Cyber Child abuser Sentenced To Imprisonment

» SPAMfighter News - 11/10/2011