If the .tk domain does not clean up its act immediately, it will be blacklisted and will not recover from this attack. Malware scenario architects have developed a scheme in which they use these free redirection domain names as a cover for their other sites. At first there were only a few; then .tk blocked them and they went away, but over the last few days the number of .tk domains used in fast-flux botnets has been growing exponentially.
Many blocking services and critical networks will now simply blacklist it, unless it acts now and dramatically.
When the .be domain name was used in the same way at the beginning of this year, it took Belsec some weeks to convince everyone in the chain of command, but in the end the domain registrar, the justice department and the FCCU had a very simple procedure to take those domains out within a few hours, with very clear procedures and contacts between the different parties. It has since then worked very efficiently, thanks also to Arbor Networks.
If .tk has no fast procedure to take those domains out as quickly as possible, with clear procedures and communication lines, it will become a wasted, unnecessary domain extension that will just be blacklisted.
Given the number of .tk domains that are now being used as malware infectors, it has no choice but to act now.
This is just a part of the list from Arbor Networks (and the list of active zombies seems to have been increasing since last week: normally there were around 600 to 800 active zombie domains, now there are around 1600-1800 daily). Maybe the exploits are no coincidence.
Do not visit these sites. Some are Chinese, and the Chinese web is at the moment responsible for most of the zero-day attacks. We don't know if there is a link.