
DNS-BH Update: 102 New Malicious Domains

Posted on February 29th, 2008 in New Domains by dglosser

102 new domains associated with malware, mainly from the emerging threats sandbox:



Help fight spyware: Join the Spyware Listening Post!

The domains.txt file is the complete list, along with the original reference for each entry.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

DNS-BH Update: 37 new malicious domains added

Posted on February 27th, 2008 in fake codecs,New Domains,rogue antivirus by dglosser

From Misc sources, check the domains.txt file for the original source:



Exploit and Malware Serving Domains and IPs

Posted on February 27th, 2008 in Domain News by dglosser

Immediately add to all blocklists (source: http://ddanchev.blogspot.com/):


These will be added in tonight's update, but you should add them to your blocklists ASAP.

DNS-BH Update: Malicious Phishing Domains and More

Posted on February 26th, 2008 in New Domains,Phishing by dglosser

Added 65 new domains, phishing/botnet domains from Dancho Danchev’s blog as well as malware caught in the Emerging Threats Honeypot:



Botnet infected hosts

Posted on February 25th, 2008 in Domain News by dglosser

Dancho Danchev lists the following domains as botnet-infected hosts that are sending out phishing emails, as well as the recent fake Microsoft Critical Live Update emails:


Please add these to your blocklists; they will be added here in the next update.

New Malicious Domains: 2008 Feb24 Update

Posted on February 24th, 2008 in New Domains by dglosser

Mainly from the emerging threats sandbox:



DNS-BH List Cleanup 120 domains removed

Posted on February 23rd, 2008 in Domain News by dglosser

We have just recertified another set of domains, which has resulted in the removal of 120 domains.
The general criterion for removal: the domain has not been listed in any forums, antivirus/antimalware web sites, blogs, etc. as being associated with malware for approximately 3 years.

Diff files have been provided.

BH-DNS Malware Blocklist Update

Posted on February 21st, 2008 in New Domains by dglosser

New Malware Domains, mainly from the emerging threats sandbox:



Blackhole DNS update 2008 Feb 20

Posted on February 20th, 2008 in New Domains by dglosser

New Domains, mainly from the emerging threats sandbox:



Presidents Day BH-DNS Blocklist Additions

Posted on February 18th, 2008 in New Domains by dglosser

From Misc Sources:

