Russian criminals behind cyber attack on NU.nl

The cyber attack was made on Wednesday afternoon news NU.nl, is very likely a specific action from Russia. Published Friday that an analysis of Fox IT security on his blog.

Wednesday nu.nl has spread malewre malware has spread to its users. Scurity analysis discovered this after infection with customers and began an investigation.

A botnet virus infected the network and exploit kit and the installed Trojans,

The IP addresses used for these exploit kits were 188.95.50.55, 188.95.50.56, 188.95.50.57 and 188.95.50.58 which were hosted in The Netherlands at serverboost.nl, and not in India as indicated by other publications. We provided the domains and the IP addresses to Spamhaus and also contacted serverboost.nl directly.wroted bloger
 

The track is followed by the intelligence departmen leads now to a Russian criminal underground forums which operates under the name Piupiupo.

The javascript is obfuscated with a simple obfuscator, but when you would look at this manually it would be easy to skip it as javascript files are often packed or compressed to save bandwidth.

The file was simple and for us only interesting to see where it would redirect clients, which was interesting as it redirected systems specifically with Windows Vista/7/8 to a separate location in the Nuclear Pack exploit kit.Bloger

 

 

Published by:

siavash's picture

Name
siavash

Country
NL