178 New Malicious Sites

Posted on January 2nd, 2011 in exploit,malspam,Storm Worm,Trojans by dglosser

Malicious Sites containing PDF Exploits, Storm 3.0 and other malware… Sources include safebrowsing.clients.google.com, www.shadowserver.org, malekal.com (Every source is always listed in the domains.txt file):


The malware block lists provided here are free for noncommercial use as part of the fight against malware.

Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from mirror if possible:  http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

malspam, asprox, sql injection domains to blacklist

Sources: www.sudosecure.net, ddanchev.blogspot.com, www.dynamoo.com/blog, www.matchent.com/wpress and others:


Contact us if you want to help us keep the Malware Blocklist current.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files


malware blocklist: 66 new domains

Posted on July 29th, 2008 in asprox,fake codecs,iframes,New Domains,rogue antivirus,sql injection,Storm Worm by dglosser

asprox domains, “copycat” sql injection domains, storm worm domains, and a few rogue antivirus sites.

Sources include ddanchev.blogspot.com, www.sudosecure.net, mtc.sri.com, and others:



Asprox and Storm Worm Domains

Posted on July 17th, 2008 in asprox,iframes,sql injection,Storm Worm by dglosser

Some ASPROX SQL injection domains and storm worm domains to add to your blocklists.

Sources include www.dynamoo.com/blog/, www.sudosecure.net and others:



New Asprox, zlob, Storm Worm Domains to block

Posted on July 6th, 2008 in iframes,New Domains,sql injection,Storm Worm,zlob by dglosser

New domains associated with asprox, zlob, and Storm Worm.
Many are being used in the latest SQL IFrame injection attacks:


Sources: infosec20.blogspot.com, blog.scansafe.com, sudosecure.net, and others. Check the latest updates file for the original reference.

Help fight spyware: Join the Spyware Listening Post!


Important – new domains to immediately block

Posted on April 11th, 2008 in fake codecs,rogue antivirus,Storm Worm by dglosser

Important domains to consider filtering or blocking immediately. These include Bobax trojan domains, zlob trojans, new storm worm domains with active exploits, in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008, and more. As noted earlier, some dynamic DNS domains were reluctantly added out of an abundance of caution, given the recent large increase in kraken domains. Remove them if you wish.



25 more domains added to blocklist

Posted on February 14th, 2008 in New Domains,spam,Storm Worm by dglosser

25 additional bh-dns blocklist domains, from various sources. Includes trojans, fast-flux domains, top spam domains, etc:



Storm Worm Valentines Day Spam

Posted on February 13th, 2008 in Domain News,Storm Worm by dglosser

The Internet Storm Center reports that destroythemoon.com and moonstarfood.com (fast-flux) are being used in the latest Storm Worm Valentine’s Day spam. They will be added tonight, but you shouldn’t wait….

Update: block 987408.com as well. Sunbelt Blog reports spam with a link to this domain, containing a very nasty and dangerous trojan.

20 New Malicious Domains to Block

Posted on February 13th, 2008 in New Domains,Storm Worm by dglosser

From various sources:



Happy Valentines Day From the Storm Worm

Posted on February 11th, 2008 in Storm Worm by dglosser

Arbor Networks and SpamWiki, among others, report Happy Valentine’s Day Storm Worm spam with varying subjects:

  • Sending You My Love
  • A Toast My Love
  • Your Love Has Opened
  • When I’m with You
  • Our Love is Free
  • When You Fall in Love
  • A Token of My Love
  • I Love Thee
  • Hugging My Pillow and more….

For now, the BadGuys are using IPs in their email. EmergingThreats has a bunch of Storm Sigs and IP blocklists to catch this stuff.

SpamWiki always seems to have the most up-to-date information on the Storm Worm and other spam.