Is there any point at which ISPs block these known malware domains? It seems like they are using the same site (veryield-malyst.com) over and over to distribute the payload in repeated malware campaigns. Why haven't the major ISPs blocked access to that domain?
> The `veryield-malyst` domain, as a case in point, has been active for months, but only recently are VeryMal starting to smuggle it using steganography. Here’s one of their ad tags from early November for comparison:
So we've known since at least November that this site is bad, but it's still serving this stuff up today? WTF?