Trackbacks

  1. […] used in a previously profiled malicious campaign impersonating Intuit – “‘Intuit Payroll Confirmation inquiry’ themed emails lead to the Black Hole exploit kit“, where the client-side exploit-serving URL (art-london.net) was also registered with the […]

  2. […] The various malicious domains used in the campaign responded to the same set of IP addresses. You can find a list of the malicious URLs in Danchev’s write-up. […]

true