Watch out for .hk domains with embedded malware code

ISC handler Maarten Van Horenbeeck writes that many valued contributors wrote in yesterday with various spam messages that contained nothing but a short piece of text and a link to a very simple HK domain.

Maarten notes that when investigating this, they found out that these domains have no fewer than 10 authoritative nameservers. Most interesting is that each of these appears to be located within an ISP's dynamic IP address range. This is naturally highly suspicious. Random querying for A records shows that a large number of other compromised hosts are being used to host the actual website.

On each of these servers, the index.html page contains a couple of different pieces of malware code. Read the whole report at ISC.
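The DNS traits described above (ten or more authoritative nameservers, all of them in ISP dynamic ranges, and A records that change from query to query) can be checked mechanically from collected DNS observations. The following is an added example, not code from the ISC report; the reverse-DNS pattern, the thresholds, the function name `assess_domain` and all sample records are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: an ISP dynamic pool is recognised by its reverse-DNS naming.
DYNAMIC_PTR = re.compile(r"dyn|dhcp|pool|dsl|cable|ppp|dial", re.I)

def assess_domain(ns_records, a_samples, ns_threshold=10):
    """Return the list of suspicious traits observed for one domain.

    ns_records: (ns_name, ip, ptr_name) per authoritative nameserver.
    a_samples:  one set of A-record IPs per repeated query.
    """
    findings = []
    if len(ns_records) >= ns_threshold:
        findings.append("many_nameservers")
    if ns_records and all(DYNAMIC_PTR.search(ptr or "") for _, _, ptr in ns_records):
        findings.append("all_ns_in_dynamic_ranges")
    seen = set().union(*a_samples)
    first = a_samples[0] if a_samples else set()
    # Share of addresses that only appeared on later queries.
    churn = len(seen - first) / len(seen) if seen else 0.0
    # Hosts spread over unrelated /24 networks rather than one hosting block.
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in seen}
    if churn >= 0.5 and len(nets) >= 3:
        findings.append("rotating_a_records")
    return findings

# Constructed observations; all addresses are from documentation ranges.
SUSPECT_NS = [(f"ns{i}.suspect.example", f"192.0.2.{10 + i}",
               f"dyn-192-0-2-{10 + i}.pool.isp.example") for i in range(10)]
SUSPECT_A = [{"192.0.2.77", "198.51.100.5"},
             {"198.51.100.91", "203.0.113.14"},
             {"203.0.113.200", "192.0.2.150"}]
NORMAL_NS = [("ns1.host.example", "198.51.100.1", "ns1.host.example"),
             ("ns2.host.example", "198.51.100.2", "ns2.host.example")]
NORMAL_A = [{"198.51.100.80"}] * 3

if __name__ == "__main__":
    print("suspect:", assess_domain(SUSPECT_NS, SUSPECT_A))
    print("normal: ", assess_domain(NORMAL_NS, NORMAL_A))
```

Any single trait can occur on legitimate domains, so the combination of all three is what warrants blocking or closer inspection of links in incoming mail.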
