12/30 DNS Blackhole List Update

Posted on December 31st, 2007 in fake codecs,New Domains,Storm Worm by dglosser

Mostly Storm Worm Domains listed in previous posts:

10000xing.cn 222360.com adslooks.info bnably.com
eqcorn.com kqfloat.com ltbrew.com obebos.cn
ptowl.com qavoter.com siski.cn snbane.com
tushove.com wxtaste.com yxbegan.com tibeam.com
snlilac.com

More Storm Worm Domains

Posted on December 30th, 2007 in New Domains,Storm Worm by dglosser

US-CERT has released its own list of Storm Worm domains:

  • hxxp://newyearcards2008.com/
  • hxxp://merrychristmasdude.com
  • hxxp://ptowl.com <– New
  • hxxp://uhavepostcard.com
  • hxxp://yxbegan.com <– New
  • hxxp://happycards2008.com

  • Also, according to this source, the following domains were purchased at the same time:

    tushove.com; tibeam.com; kqfloat.com; snbane.com; yxbegan.com; snlilac.com; qavoter.com; ptowl.com; wxtaste.com; eqcorn.com; ltbrew.com; bnably.com; fncarp.com
    Usually these domains would be considered “unverified”, but in light of the storm worm activity, they will be added to the main list in the next update.

    Storm Worm Domains

    Posted on December 29th, 2007 in New Domains,Storm Worm by dglosser

    domains are now:

    merrychristmasdude.com
    happycards2008.com
    uhavepostcard.com
    newyearwithlove.com
    newyearcards2008.com

    DNS Blocklist Update 12/29

    Posted on December 29th, 2007 in fake codecs,New Domains,Storm Worm by dglosser

    Added: storm worm domains, rogue antivirus, fake codecs


    updates are located at http://www.malwaredomains.com/updates
    The full files are located at: http://www.malwaredomains.com/files

    BOOT file is in MS DNS format
    spywaredomains.zones file is in BIND Server format
    domains.txt file is the complete list along with original reference

    New Storm Worm Domain

    Posted on December 29th, 2007 in New Domains,Storm Worm by dglosser

    domains are now:

    newyearwithlove.com <– New Nasty
    merrychristmasdude.com
    happycards2008.com
    uhavepostcard.com
    newyearcards2008.com

    Blogger & Fake Codecs

    Posted on December 28th, 2007 in fake codecs,New Domains by dglosser

    The series of articles at Sunbelt’s blog about Blogger sites pushing fake codecs continues.

    Block Blogger and blogspot, if your company allows it, until Google gets a handle on this issue.

    Block video.googl.name immediately.

    Malware Blocklist 12/27

    Posted on December 27th, 2007 in fake codecs,New Domains,Storm Worm by dglosser

    Added: storm worm domains, rogue antivirus, fake codecs

    avsmanufacture.com clsubring.net
    files-secure.com happycards2008.com
    newyearcards2008.com somemisc.info
    sysprocedure.com uhavepostcard.com

    sunbelt software blog

    Posted on December 26th, 2007 in New Domains by dglosser

    I’ve been thanked on Sunbelt Software’s blog for doing some research into how the bad guys are using blogspot to push fake codec trojans (disclaimer: I’ve used and like their desktop product but have never purchased any of their corporate solutions). However, we all appreciate Sunbelt Software’s contributions to the fight against malware.

    Blogger/blogspot sites to avoid:

    Note: these domains will not be added to the blocklist since Google is usually very quick about taking them down….

    uhavepostcard(dot)com & happycards2008(dot)com- storm worm

    Posted on December 25th, 2007 in New Domains by dglosser

    Update: domain is now happycards2008.com
    Update #2: domains are newyearcards2008.com, happycards2008.com, and uhavepostcard.com

    Just like merrychristmasdude (dot) com, uhavepostcard.com downloads the storm worm. It’s being spammed in tons of blogs.

    It’s part of the same fast-flux network as the Christmas storm worm – now with at least 8000 nodes. The malware file is currently ‘happy2008.exe’. Source: Internet Storm Center.
