Huge 500 domain update

Posted on March 29th, 2008 in New Domains,RBN by dglosser

Added over 500 domains from webhelper’s coolwebsearch list. Too many to list here, view the updates here.

DNS-BH Update – 66 new domains added

Posted on March 29th, 2008 in New Domains by dglosser

66 new domains flagged as malicious. Sources: Emerging Threats Sandbox and others.

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

Massive IFRAME SEO Poisoning Attack (from Dancho Danchev)

Posted on March 28th, 2008 in Domain News,New Domains,News,rogue antivirus,zlob by dglosser

Dancho Danchev’s blog contains netblocks and domains which are involved in the continual IFRAME SEO Poisoning Attack. The latest attack successfully injects IFRAMEs that forward to rogue security software and Zlob malware variants. Domains include:

mynudedirect(dot)com (already listed)
gift-vip(dot)net (already listed)
e.pepato(dot)org (already listed)
webmovies-b(dot)com, vipasotka(dot)com, golnanosat(dot)com, d08r(dot)cn and others (not yet listed; you should block ASAP)

Netblocks and IPs to block (which include multiple class Cs) are located in his blog.

22 Domains to consider blocking

Posted on March 26th, 2008 in New Domains by dglosser

22 New Domains associated with malware. Sources: Siteadvisor, Malware Domain List, SunBelt Blog, Cyber-TA, and SANS.

Defense in Depth: IP and Netblock Blocking

Posted on March 25th, 2008 in Domain News,RBN by dglosser

A single solution will never catch all spyware and malware. A layered, defense-in-depth approach is needed. This includes antivirus/antispyware protection, proxy servers, domain blocking via blackhole-DNS, and blocking by IP addresses and netblock.
Blocking by IP address or netblock is a complement to any domain or URL-based blocklist*. Here is the story of one ISP who blocked known RBN netblocks.

Here are a few IP lists to consider:

If you know of any other high-quality lists, please contact us and we’ll summarize.

* Yes, we understand that some valid sites may be blocked. Any blocklist needs to be frequently updated to reduce the blocking of legit sites…

Another 50 New Malicious Domains

Posted on March 24th, 2008 in New Domains by dglosser

50 new domains associated with malicious activity, mainly from the Emerging Threats Sandbox.

DNS-BH Update: 50 New Malicious Domains

Posted on March 23rd, 2008 in New Domains by dglosser

50 new domains associated with malware, mainly from the Emerging Threats Sandbox.

List Cleanup

Posted on March 21st, 2008 in Domain News,Removed Domains by dglosser

Just removed about 50 domains. Two false positives (sites which were once associated with malware but no longer are) and a bunch of duplicate entries (where the domain and a subdomain were both listed).

Remember, please contact us if you believe a domain should be taken off the list. But first, visit the URL listed in the domains.txt file and type the domain name into a search engine to determine why it was listed in the first place.

We are always looking for volunteers to help us reverify domains listed in the domains.txt file.

There are many blocklists out there, but we are one of the few which actively recertify domains to eliminate false positives.

Over 90 New Domains to Block

Posted on March 20th, 2008 in fake codecs,New Domains,rogue antivirus,zlob by dglosser

Over 90 new domains which need to be blocked: fake codecs, rogue antivirus, Zlob and more.

Blogspot/Blogger Redirection

Posted on March 18th, 2008 in Domain News by dglosser

The SpamWiki at SpamTrackers reports thousands of subdomains configured to redirect to fake pharmacy sites, downloadable software, Herbal King, etc. You may wish to block blogspot and blogger domains until Google gets this under control.