Security researchers from Abuse.ch, BrillantIT, and Proofpoint have sinkholed the command and control infrastructure behind EITest, a network of hacked servers abused by cyber-criminals to redirect users to malware, exploit kits, and tech support scams.
EITest, considered the "king of traffic distribution," is a collection of compromised servers on which hackers have installed backdoors. Crooks use these backdoors to siphon off legitimate traffic from these sites and redirect users to malicious web pages.
This type of malicious activity is called "traffic distribution," and many cyber-criminals build such botnets of hacked sites and then rent them to fellow crooks, who do with the traffic what they wish.
EITest appeared in 2011, became a rentable TDS in July 2014
EITest first appeared on the cyber-criminal market in 2011, and initially, it was not a rentable traffic distribution system. Its authors used it primarily to drive traffic towards their homegrown exploit kit known as Glazunov, which they used to infect users with the Zaccess trojan.
At the time, this was never a massive threat. EITest operators got smart about their operation in late 2013 when they started to rework their infrastructure, and by July 2014, they began renting out EITest to other malware authors.