“Shrift” BEK2 EOT Exploit

It looks like the EOT exploit has been incorporated into some Blackhole Exploit Kit variants.

HTTP Request Method = GET
HTTP URI = */shrift.php

Examples:

https://www.virustotal.com/file/196c3e10bc46e2b70ef5f9798e41ced89a3a81080310fa299147c18466587033/analysis/

See examples of BEK2 EOT Exploit on UrlQuery.com
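
The request signature above (GET with a URI matching `*/shrift.php`) can be checked against proxy logs. The following is an added detection example, not part of the original post; it assumes Squid native access-log format, the log lines are constructed, and the case-insensitive, percent-decoded comparison is an assumption made to catch trivial variations of the file name.

```python
from urllib.parse import urlsplit, unquote

# Signature from the post: HTTP method GET, URI */shrift.php
SIG_METHOD = "GET"
SIG_SUFFIX = "/shrift.php"

# Constructed Squid-style lines (time elapsed client code/status bytes method URL ...).
# Hosts use reserved example names, not real indicators.
SAMPLE_LOG = """\
1355314500.101 120 10.0.0.5 TCP_MISS/200 48211 GET http://landing.example.test/ngen/shrift.php - DIRECT/192.0.2.10 application/octet-stream
1355314501.220 80 10.0.0.6 TCP_MISS/404 512 GET http://cdn.example.test/fonts/shrift.php.bak - DIRECT/192.0.2.11 text/html
1355314502.330 95 10.0.0.7 TCP_MISS/200 900 POST http://landing.example.test/ngen/shrift.php - DIRECT/192.0.2.10 text/html
1355314503.440 60 10.0.0.8 TCP_MISS/200 1500 GET http://search.example.test/q?u=/ngen/shrift.php - DIRECT/192.0.2.12 text/html
1355314504.550 130 10.0.0.9 TCP_MISS/200 48190 GET http://other.example.test/NGEN/%73hrift.php?id=7 - DIRECT/192.0.2.13 application/octet-stream
1355314505.660 truncated
"""

def matches_signature(method, url):
    """True when the request is a GET whose URL path ends in /shrift.php."""
    if method.upper() != SIG_METHOD:
        return False
    # Match on the path only, so a query string that merely mentions the
    # file name does not fire; decode %XX so encoded letters still match.
    path = unquote(urlsplit(url).path)
    return path.lower().endswith(SIG_SUFFIX)

def scan(log_text):
    """Return (client_ip, host, url) for every log line matching the signature."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        client, method, url = fields[2], fields[5], fields[6]
        if matches_signature(method, url):
            hits.append((client, urlsplit(url).hostname, url))
    return hits

if __name__ == "__main__":
    for client, host, url in scan(SAMPLE_LOG):
        print(f"{client} requested {url} (host {host})")
```

Clients that appear in the output are candidates for follow-up, since a matching request only shows the font payload was fetched, not that exploitation succeeded.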
