
PowerShell and DNS Blackholes

Posted on August 31st, 2010 in Domain News by dglosser

Nice article about how to use a free PowerShell script to manage blackhole DNS domains using Microsoft’s Windows Server DNS:

http://blogs.sans.org/windows-security/2010/08/31/windows-dns-server-blackhole-blacklist/?utm_source=rss&utm_medium=rss&utm_campaign=windows-dns-server-blackhole-blacklist

urgent unblock: mit.edu

Posted on August 19th, 2010 in Domain News, Removed Domains by dglosser

mit.edu was listed because of http://www3.malekal.com/pdf.txt

This seems to be a false positive.

mit.edu has been delisted, please update your blocklists ASAP.

site delisting: autocompletepro.com

Posted on August 16th, 2010 in Domain News, Removed Domains by dglosser

autocompletepro.com has been delisted and will be removed on tonight’s update.

Malware Domains Hall of Shame

Posted on August 15th, 2010 in Domain News by dglosser

In order to keep this list a manageable size, domains are reevaluated on a regular basis.

Approximately 10,000 domains listed in 2009 were reevaluated for malicious activity using Google Safe Browsing.

Sites which did not have any malicious software downloaded and installed without user consent, or suspicious content, within the last 90 days were removed from the list.

In addition, sites which were listed as harmful but had no malicious software downloaded or suspicious content found in the past 90 days were removed as well.

To our surprise, there were 1132 domains which did not meet the above criteria and were not removed.

1132 domains which are still actively involved with maliciousness and badness.
1132 domains which were associated with malware and badness in 2009 (eight months ago) and are STILL actively involved in malware distribution.

These “Hall of Shame” domains are listed in

http://mirror1.malwaredomains.com/files/longlived_malware_domains.txt
and
http://www.malwaredomains.com/files/longlived_malware_domains.txt

Analysis of the hosting and registrars of these “immortal” or “Methuselah” malware domains should prove interesting.

New Article: Blackhole Your Malware

Posted on August 12th, 2010 in Domain News by dglosser

http://www.theregister.co.uk/2010/08/13/sysadmin_black_hole/

Blackhole your malware
Block the bad domains
by Trevor Pott

Site Delisting: legroom.net

Posted on August 9th, 2010 in Domain News, Removed Domains by dglosser

legroom.net has been delisted and will be removed on tonight’s update. Please update your blocklists.

Long-lived malware domains

Posted on August 5th, 2010 in Domain News by dglosser

We’ve been revalidating domains on the dns-bh list. There are over 739 domains (and counting) which were identified as malicious anywhere between 90 and 360 days ago but, according to Google Safe Browsing, are still actively involved in badness.

http://www.malwaredomains.com/files/longlived_malware_domains.txt

Analysis of the hosting and registrars of these “immortal” or “Methuselah” malware domains may prove interesting.

Typos fixed

Posted on August 5th, 2010 in Domain News by dglosser

We just fixed two typos in the main files. The checksums will not match until they are re-synced.

site delisting: 4shared.com

Posted on August 2nd, 2010 in Domain News, Removed Domains by dglosser

4shared.com has been delisted and will be removed on the next update.

List Cleanup: 630 Domains Removed

Posted on July 31st, 2010 in Domain News, Removed Domains by dglosser

630 domains removed, full list of removed domains here.