Attackers have been going after various pieces of the DNS infrastructure for a long time now, and it's not unusual for there to be somewhat organized campaigns that target certain vertical industries or geographic regions. But researchers lately have been seeing an interesting pattern of compromises in which attackers somehow add new names to existing domains and use those sub-domains to piggyback on the good reputation of the sites and push counterfeit goods, pills and other junk.
And now they're using the attack to push exploits via the Black Hole Exploit Kit.

The attacks have been ongoing for at least a couple of months and while they're fairly simple in theory, researchers haven't necessarily been able to figure out how the attackers have managed to compromise the domains and get access to the DNS records to add their own sub-domains. What's happened is that attackers have been able to alter the domain records of dozens of existing, legitimate sites, including local government agencies, small businesses, community banks and others and then inserted new sub-domain names into the records.

The link for this article located at ThreatPost is no longer available.