New Domains from EmergingThreats.net

Posted on January 31st, 2008 in New Domains by dglosser

EmergingThreats has provided us with the following domains:


Help fight spyware: Join the Spyware Listening Post!

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND Server format
domains.txt file is the complete list along with original reference

New Domains to Block

Posted on January 31st, 2008 in New Domains by dglosser

spamtrackers.eu

Posted on January 30th, 2008 in spam by dglosser

A nice resource to learn more about spam is spamtrackers. Their wiki is extremely informative and updated several times a day.

Storm/CME711 Spam Domains

Posted on January 29th, 2008 in Domain News,Storm Worm by dglosser

DISOG has a list of over 400 pharmacy-related sites, many of which are using 5-minute TTLs with multiple A records (characteristic of fast-flux). A local copy is here.

DNS-BH Update – New Malicious Domains added

Posted on January 27th, 2008 in New Domains by dglosser

Added the following domains:


Theinstalls.com Crud

Posted on January 26th, 2008 in Domain News,New Domains by dglosser

Matt at Emergingthreats.net reports that www (dot) theinstalls (dot) net is a “one stop” spyware downloader. He’s created some new Snort signatures to detect it. The domain will be added in the next update, but you may not wish to wait…

DNS-BH Malicious Domains 2008-01-26 Update

Posted on January 26th, 2008 in New Domains,rogue antivirus by dglosser

Added the following:


DNS-BH Possible False Positives

Posted on January 23rd, 2008 in Domain News,Removed Domains by dglosser

Removed ya.ru and sytes.net.

ya.ru seems to be a search engine that malware uses in some way. It is showing up in some sandboxes.

sytes.net seems to be a dynamic DNS company.

If anyone has any more info about the above domains, please contact me.

Note: A lot of malware uses dynamic DNS and forwarders. To avoid being placed on any blacklists (such as this one), please consider registering your own domain.

CoolWebSearch

Posted on January 21st, 2008 in Domain News by dglosser

Webhelper has recently updated his CoolWebSearch Master List. All CoolWebSearch domains will be removed and recertified in the coming weeks.

Important – Malicious Domains to Block

Posted on January 18th, 2008 in New Domains,rogue antivirus,Storm Worm by dglosser

Domains to block (DO NOT VISIT):
