Over 100 new domains to block

Posted on August 26th, 2008 in New Domains, asprox, fake codecs, rogue antivirus, sql injection, zlob by dglosser

Lots of rogue security domains, some asprox, some zlob. Sources: sunbeltblog.blogspot.com, ddanchev.blogspot.com, malwaredatabase.net, and others:

1000ylc .cn codecservice1 .com
2008antivirus .net codecservice6 .com
2008antivirusxp .com antivirus-noadware-2008 .com
2antivirus2008 .com encountertracker .ws
3antivirus2008 .com expressantivirus2009 .com
5antivirus2008 .com faunarium .net
6antivirus2008 .com antispyware2008sales .com
8antivirus2008 .com freeantivirus2009 .com
adult-s-portal .com freevidshardcore .com
adult-x2008 .com thefunny-08 .com
firstblu .cn fwlprocedure .com
gnaa .us antispydeluxe2009 .com
antitrojan-2008 .com hotadulttube08 .com
antivir-64 .com moyapodruzhka .com
antivir2008 .us mpegadaptationcom
antivir2009 .com msantivirusxp .com
antivirus-2008-xp .com msscanner .com
antivirus-2008 .org myantivirusprotection2009 .com
antivirus-best-2008 .com newcontent-s2008a .com
crklab .us newfunnyvideo .com
antivirus-pro-2008 .com norton-antivirus-2007 .com
funny-08 .com norton2009antivirus .com
antivirus2008-pro .com nortons2009antivirus .com
antivirus2008-pro .name nortonsantivirus2009 .com
antivirus2008-pro .org porndebug .com
antivirus2008b .net pornmoviestube .net
antivirus2008m .net realonlinevideo-2008 .com
antivirus2008n .net antivirus-protection2008 .com
retoneva .com scanner-prot .com
antivirus2008pro .name secure-online-antivirus .com
antivirus2008v .net sexlookupworld .com
siteresults1 .com sfwinstrument .com
antivirus2009free .com antivirus2008pro-download .org
antivirus777 .com spywarepreventer .com
stars-08 .com starfeed1 .com
antivirusonline-2009 .com antivirus2009-freeverscan .com
antivirusq .net thebigstars-08 .com
antivirusr .net thebigstars2008 .com
antivirussofware2008 .com yourfavoritetube .com
antivirussolution2008 .com themusic-08portal .com
antivirusu .net thestars-08 .com
antivirusw .net thestars08 .com
antivirusxp2008 .org thestars2008 .com
bestcelebs .ru topdirectdownload .com
bestfunnyvids .com topsoftupdate .com
beyru .ru win-antivirus-protect .com
celebs69 .com windows-antispyware-2008 .com
celebsnofake .com worldstars2008 .com
celebstape .com antivirusfreescan2009 .com
celebsvidsonline .com xp-2008-antivirus .com
wwvyoutube .com xp-antivirus-2008 .com

Contact us if you want to help us keep the Malware Blocklist current.domains.txt file is the complete list along with original reference.Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

biblegateway.com

Posted on August 23rd, 2008 in Domain News, Removed Domains by dglosser

biblegateway.com was listed on Norton’s safeweb yesterday as a malicious site. We added it to the blocklist.

I received an email asking to reconsider as the site does not contain malware. I rechecked nortons safeweb, and linkscanner, and the site appears clean. The site was immediately removed from the blocklist.

I received another email, asking me if it was some kind of “sick joke”, and included the following:

I am not sure this was some sort of display of trickery to infringe on my right to free speech and religious freedom… But it certainly does seem to have an anti-Christian agenda to it.

Trickery? infringement on free speech and religious freedom? Anti-christian agenda?

I started this list as a another tool in the fight against malware. This kind of email makes me wonder if it is worth it.


This project is a volunteer non-for-profit project. We have no wish to list a site unfairly. Although every effort is made to ensure the list is error free, mistakes can and will occur. We do not want to list anything that should not be listed. This list is not intended to block ad serving, or any other legitimate activity. It’s intent is to help network operators and others to identify and stop malware infections.This list comes with no guarantees. We all have other full-time jobs. This is a completely volunteer effort as part of the fight against malware.The average time between asking for a site to be delisted and the site actually being delisted (if warranted) is less than 24 hours.

Threatening legal action, threatening to start legal proceedings, accusing us of being “anti-christain” and trickery to infringe on someone’s right to free speech and religious freedom will result in a much longer delay in getting a site removed.

Please keep it professional and don’t make accusations.

dnsbh update - 61 asprox, fake antivirus domains

Posted on August 22nd, 2008 in asprox, fake codecs, rogue antivirus, sql injection by dglosser

asprox, storm worm, rogue antivirus domains, and more domains to add to your domain blacklist.
Sources: www.matchent.com, www.sudosecure.net, www.abuse.ch,ddanchev.blogspot.com, and others:

2000y .net flashbill .netrbn
aaszxe .ru freepostcardonline .com
aaszxi .ru g26 .su
aaszxo .ru harrowonthehillsfk .info
aaszxp .ru hassomeonelostininter .net
aaszxq .ru antivirusxp-08 .net
aaszxr .ru yourlettercard .com
aaszxt .ru jetp6 .ru
aaszxu .ru loginconfirm .su
aaszxw .ru loginupdate .su
aaszxy .ru loginverify .su
n73 .su loopk .ru
avalonpay .com digitalaudiopostcard .com
b8c .su netr2 .ru
bankconfirm .su nucop .ru
bankupdate .su oldpostcardshop .com
bankverify .su port04 .ru
iopoe .ru supergreetingcard .com
beyry .ru superlettercard .com
biblegateway .com ueur3 .ru
blatundalqik .ru userconfirm .su
brprbgok6 .com userupdate .su
c6c .su userverify .su
c75 .su v95 .su
che .js verifybank .su
confirm .su vj64 .ru
wk8 .su vvb .su
econfirm .su wfrules .ru
f38 .su bestlettercard .com
f48 .su worldpostcardart .com
iopc4 .ru

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

MaraDNS

Posted on August 21st, 2008 in News by dglosser

MaraDNS has a reputation as one of the most secure DNS servers available.

Alexander Clouter <alex - at - digriz.org.uk> has created a script to create MaraDNS compatible zone files. It’s located at http://www.malwaredomains.com/files/createmaradns-pl.txt (change the extension to .pl). Please try it out and give us feedback. Thanks to Alexander for his hard work!

88 new domains to block: rogue antivirus, fake codecs, and more

Posted on August 19th, 2008 in asprox, fake codecs, rogue antivirus by dglosser

fake antivirus, fake codecs, a few asprox sites. Sources:ddanchev.blogspot.com, malwaredatabase.net, s3cwatch.wordpress.com, and others:

mytube4 .com antivirus-bestsolution .net
antivir64 .com antispyguard-scanner .com
antivirus-2008y-pro .com noadwareantivirus .com
nortonsoft .com antivirus2008pro-download1 .com
antivirus-scanner .net powerantivirus-2009 .com
antivirus0003 .com powerantivirus2009 .com
antivirus0004 .com purchase-anti .com
antivirus0005 .com pwrantivirus .com
antivirus0006 .com pwrantivirus2009 .com
antivirus0007 .com browsersecuritycenter .com
antivirus0015 .com scanner-pwrantivirus .com
myfreespace3 .com scanner-xpertantivirus .com
ratemyblog1 .com scanner .antivir64 .com
wordpress .firm .in securityscannerfree .com
streamhotvideo .com solution-freeantivirus .com
teledisons .com antivirus2008t-pro .com
top-pc-scanner .com supersolution-antivirus .com
antivirusproxp .com supersolution-freeantivirus .com
antivirusxp-pro .com systemscanner2009 .com
antivirusxp2009 .com antivirus2009online .com
bbjvehght .com theantivirusscan .com
beginner2009 .com antivirus2009professional .com
blazervips .com antivirus2008pro-download2 .com
update-direct .com updatesantivirus .com
clear-clean .de virus-onlinescanner .com
defender-scan .com virus-securityscanner .com
drivemedirect .com watcher-scan .com
eyigehght .com webscannerfreever .com
fastupdateserver .com webscweb-scannerfree .com
fastwebway .com windows-defense .com
mycom .biq .cn windows-scannernv .com
freebmwx3 .com wista-antivirus2009 .com
ggqvehght .com antivirus4protection .net
global-advers .com freebest-antivirus .net
myfavoritetube .net goodantivirus-free .net
greatvideo3 .com xpantivirussecurity .com
xp-guard .com xpcleaner-online .com
xp-protectsoft .com xpertantivirus .com
main-scanner .com internet-defense2009 .com
mcprivate .biz internetscanner2009 .com
megacodec .biz

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

Cross-Site Scripting

Posted on August 18th, 2008 in News by dglosser

Search on  www.xssed.com and make sure your site is not listed as a site vulnerable o cross-site scripting (XSS)*

*Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. (Source: http://en.wikipedia.org/wiki/Cross-site_scripting)

Rogue antivirus, asprox, rbn domains: add to blocklist

Posted on August 17th, 2008 in New Domains, RBN, asprox, rogue antivirus, sql injection by dglosser

Rogue antivirus, asprox, rbn domains to add to your blocklist. Sources:
blogs.zdnet.com, rbnexploit.blogspot.com, safeweb.norton.com, and others:

3gigabytes .com googlecomaolcomyahoocomaboutcom .net
3njx .ru guagaga .net
ujnc .ru hirza .net
a814 .cn i56web .org
acs86 .com idolhotels .com
okcd .ru jckxjcux .com
adwarealert .com a-nahui-vse-zaebalo-v-pizdu .com
nbh3 .ru mgconstrucoes .com
bcus2 .ru adware-download .com
bluexzz .cn windows-scanner2009 .com
paiuuag .net byronadvertising .eu
cb3f .ru antivirus-2009-pro .com
ccuuuag .biz pizdos .net
cnld .ru registryupdate .org
cv34 .co .uk scforum .info
db23 .co .uk stopgeorgia .info
ewwxbhdh .com stopgeorgia .ru
favoredtube .com toksikoza .net
givuifib .com google-analysis .com
ohueli .net vavscan .com
killgay .com yandexshit .com
yuku .com worknssrv .cn

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

DNS-BH Update: asprox & fake antivirus domains to block

Posted on August 11th, 2008 in asprox, rogue antivirus by dglosser

Malicious domains include lots of rogue antivirus, fake antimalware, and asprox domains.

Sources: www.shadowserver.org, www.matchent.com, sunbeltblog.blogspot.com, malwaredatabase.net, and others:

sss0 .co .uk antispyware2008scanner .com
sss2 .co .uk softwareantivirus2008 .com
ter2 .co .uk free-2008-antivirus .com
testyourantivirus .com free-2008-antivirus .net
ticketlight .com free-antivirus-2008 .com
xp2008antivirus .net free2008antivirus .com
ysh2 .co .uk free2008antivirus .net
zirvehit .com getas2008xp .com
ds12 .co .uk software-2008-antivirus .com
ds92 .co .uk software-2008-antivirus .net
ia-license com software-antivirus-2008 .com
ia-payment com software2008antivirus .com
ia-scanner com software2008antivirus .net
ia-support com softwareantivirus .net
Internet-antivirus .com 2008-software-antivirus .net
internetsecuritydeluxe .com 2008-xp-antivirus .com
nowantivirus .com 2008antivirusfree .com
rr3 .co .uk 2008antivirusfree .net
as2008dl .com 2008antivirussoftware .com
dfs3 .co .uk 2008antivirussoftware .net
antivirus2008free .com 2008antivirusxp .net
antivirus2008free .net 2008freeantivirus .com
antivirus2008software .com 2008freeantivirus .net
antivirus2008software .net 2008softwareantivirus .com
antivirus2008xp .net 2008softwareantivirus .net
antivirus2009-software .com 2008xpantivirus .net
antivirusfree2008 .com antivirus-2008-free .com
antivirusgl .com antivirus-2008-free .net
antivirusprotection .us antivirus-2008-software .com
2008-antivirus-free .com antivirus-2008-software .net
2008-antivirus-free .net antivirus-free-2008 .com
2008-antivirus-software .com antivirus-software-2008 .com
2008-antivirus-software .net 2008-free-antivirus .com
2008-antivirus .net 2008-free-antivirus .net

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

44 new malicious domains to block

Posted on August 8th, 2008 in asprox, fake codecs, rogue antivirus, sql injection by dglosser

malicious domains include asprox, malspam, rogue codecs, fake antivirus.

Sources: garwarner.blogspot.com, safeweb.norton.com, www.matchent.com, bharath-m-narayan.blogspot.com, and others:

1000mg .cn op21 .co .uk
arjahevif .com plgou .com
attomega .com mpegutility .com
aykjfgves .com pressdownloadtostart .com
ba1do .com red-codec .net
bardaue .com .br renderize .net
bkgpfgves .com sdo .1000mg .cn
busyfgves .com sibercar-card .com
dmiafgves .com sol .innopulse .es
faj4ehght .com squinento96 .com
famoutoito .net ticketmoon .net
pov .ru tm19 .co .uk
nitrocodec .net ui27 .co .uk
gfdpves .com wr28 .co .uk .
hhr2ehght .com xxkk .net
hwh2ght .com flwinstrument .com
iwi5fgves .com megabestsoftnah08 .com
o23 .co .uk gabfundopv .com

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

CNN MalSpam

Posted on August 6th, 2008 in Domain News, Phishing, spam by dglosser

CyberCrime has a full list of URLs in the latest wave of malspam using CNN headlines as a subject line. Some of the domains have been cleaned up, but many are still active. We will be adding the active domains still hosting the malware spam on the next update.

malspam, asprox, sql injection domains to blacklist

Posted on August 5th, 2008 in Domain News, Storm Worm, asprox, fake codecs, iframes, rogue antivirus, spam, sql injection, zlob by dglosser

Sources: www.sudosecure.net,ddanchev.blogspot.com, www.dynamoo.com/blog, www.matchent.com/wpress and others:

456kill .com ministerstwo .nazwa .pl
ad9 .co .in browsetomy .gmxhome .de
aquasphere .cz moveonforu .oranc .co .kr
asp2 .co .in nawaro-management .de
xwarezzz .com outwork-for-you .de
chantal-carlioz .fr porzellanklinik-hinz .de
didierbrockly .info promo2 .es
duka-coaching .dk pyroantispy .com
fastpyroscan .com quimigama .net
fedecopy .com .ar restekiste .com
femyp .com rmodelismo .com
rogger .it firma-thummerer .de
xxxping .com sabineanton .de
gty5 .ru scemprestimoconsignado .com .br
halkjaer .biz snoopen .de
id4 .co .in steveellery .com
idoo .com tch-clubhaus .de
urresti .es thalies .com
zzzping .com jabezinformatica .com
yyyping .com voxinterna .de
megadent .pl frankietomattos .com
mo98g .cn jugendtanzgruppe .de
ww7 .co .in manuelarodriguez .com .br
z0l7 .com  

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

Next Page »