Hello, welcome to the Friday, May 20th, 2016 edition of the Sanctur Storm Center's Stormcast.

My name is Johannes Ulrich Entertainment recording from Jacksonville, Florida.

Yes, Tesla Crypt is down. I already talked about this yesterday, but before you turn off all your malware defenses, we have more malware from you and Pratt

is here reporting about what he is seeing recently with exploit kits, in particular in this case

from the EI test campaign as he calls it, which uses the angular exploit kit in order to install

malicious software on users' systems.

One interesting observation here with top-level domains.

This particular group used in a past a lot, the dot-tK domain, which is for Tokelao, which is a territory of New Zealand, the South Pacific.

So something you can probably block, but lately they also use the UK domains, particular

dot-CO.

.uk.

That's of course a little bit more tricky to pick up, but they also use one of the new

top- level domains.

Dot Top.

Haven't already seen anything good yet from dot top, but plenty of malware, plenty of spam,

so may want to consider blacklisting that particular top level domain.

I'm always a little bit hesitant of recommending blacklisting, in particular blacklisting a top level domain. I'm always a little bit hesitant of recommending blacklisting, in particular blacklisting

a top level domain, but in this case, I don't really see a business reason to keep accepting

URLs or emails with that particular top level domain.

One of the issues I've always been concerned about is how all the matter and identity theft

and the like we are dealing with is affecting consumer trust into electronic commerce and the

internet in general.

...