Domain Removal
adult-empire .com was just removed from the active list. Siteadvisor does not report any active malware on this site.
malware blocklist: 66 new domains
asprox domains, “copycat” sql injection domains, storm worm domains, and a few rogue antivirus sites.
Sources include ddanchev.blogspot.com, www.sudosecure.net, mtc.sri.com, and others:
8591tw .com ncb2 .ru njep .ru nimolp .net oics .ru antivirusxp-08 .com 91tg .net alparslanovayurt .com asmworm .com rid72 .co .uk asp32 .co .uk sec82 .co .uk atmacasoft .com smartnewsradio .com avxp-08 .com ssl62 .co .uk b4so .ru stocklownews .com gggjjj .info antivirusxp-2008 .com uid45 .co .uk toplessdailynews .com bjxt .ru toplessnewsradio .com bnsr .ru fednewsworld .com bosf .ru wapdailynews .com bsko .ru web58 .co .uk cid82 .co .uk winxp-antivirus .com tag38 .co .uk 50db34d5 .info rm510 .com 51113 .com dl87 .co .uk goodnewsgames .com 633f94d3 .info hyper-space-fuel .ru 63afe561 .info bestvaluenews .com fethard .biz 8d77b42a .info ad9178 .com companynewsnetwork .com ads002 .net baltikaredison .ru cn3721 .org ebookfinaltrash .ru freefl .info grepware-facility .ru idcads .info content-type .cn jbeegvia .ru efreesky .com kj5s .ru guerrero-tuning .com sb941 .com koromanskipart1 .ru logisigns .net goodnetads .org mode82 .co .uk gronxplanets .ru 5iyy .info codechost .com
Contact us if you want to help us keep the Malware Blocklist current.
domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!
More SQL Injection
Dancho Danchev reports a copycat SQL Injection in the wild. Block the following domains ASAP:
5iyy .info
content-type .cn
63afe561 .info
633f94d3 .info
8d77b42a .info
5iyy .info
idcads .info
efreesky .com
freefl .info
gggjjj .info
ads002 .net
goodnetads .org
51113 .com
update999 .cn
50db34d5 .info
cn3721 .org
rm510 .com
sb941 .com
ad9178 .com
91tg .net
(domains will be added during the next update, but you should not wait).
Sources: http://forum.kaspersky.com/lofiversion/index.php/t74890.html and http://ddanchev.blogspot.com/.
DNS-BH Update: 58 new domains
Some ASProx domains, zlob domains, trojan domains, and fake antivirus domains. . Sources include www.malwaredomainlist.com, bharath-m-narayan.blogspot.com, www.shadowserver.org, and others:
1212l112 .net irxxv .com kodj .ru iwillseethatvideo .com 345bi .cn 2008-adult-s2008 .com a-n-k-o-r .com best-freeware2008 .com adnsline .com lvorgucci .net pfd2 .ru manswar .commalware po4c .ru mpegstandard .com nmr43 .ru formatmpeg .com ns-ok .com best-soft-maxi .com asgates .com nihao29 .cn bce8 .ru anvimaster .com nemr .ru anvi-scanner .com kjwd .ru otherhomepage .com blackhei .cn allsecurenews .com lksr .ru almamama .com .cn ch35 .ru pvs360 .com dajao .cn qwgates .com daoqaz .cn rkjhc .cn dcads .biz secureshortcuts .com ncwc .ru sky8000 .com herezh .cn uswow2 .com infomm .cn web678 .com .cn iroe .ru windows-virus-scanner .com j1bc .cn wooollstx .cn jackkk .cn yibanle .cn jve4 .ru youlaiyou .net k1ks .cn zerolost .org kpo3 .ru zfzuguo .cn kr92 .ru browseroption .com
Contact us if you want to help keep the Malware Blocklist current.
domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
SQL Injection Finder
Codeplex has released an interesting tool called SQLInjectionFinder.
It helps to determine .asp pages targeted by recent SQL Injection attacks. You launch it on your IIS machine, it reads your IIS logs, and creates a log of suspicious entries. Sounds like something which should be run on a regular basis on any IIS-based server.
WOT-Web of Trust
WOT is a free Internet security addon for Firefox and IE that protects you against online threats like malware, scams, unreliable shopping sites and spam. The WOT community helps make the Internet safer by sharing their experiences of websites and the services they offer.
We are happy to report that we have been added as a trusted soure to the WOT ratings database.
More ASPROX, SQL Injection, and Money Mule Domains to block
Shadowserver has a nice text page of the latest sql injection domains. s3cwatch lists a few more. And ddanchev has a nice article on the money mule recruitment domains also utilizing the asprox fast-flux domains:
asp8 .tk drpoex .com bts5 .ru ecx2 .ru eoai114 .cn cash-transfers .eu jzm010 .cn cashtransferz .com kc43 .ru cashtransferz .eu cfm3 .eu win-defender .com cgt4 .ru lang85 .tk chds .ru liwejr .cn cvsr .ru ll80 .com date-21 .net nudk .ru dns71 .eu nwolb .co .uk .dns71 .eu sec8 .eu vav-scan .com ssl28 .eu verynx .cn o1o2qq .cn viruses-scanonline .com kgj3 .ru
Contact us if you want to help keep the Malware Blocklist current.
domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
ASPROX Toolkit
Sentinal IPS has released a new version of their ASProx Toolkit. This toolkit had T-SQL code for cleaning infected databases and URLScan configuration instructions for catching injection attempts. Read about it here.
50 New Domains to Add to your Malware Blocklist
50 New Domains to Add to your Malware Blocklist. Some sql injection domains from shadowserver, domains caught in the emerging threats sandbox, and others.
232313 .cn ibxcxl-cash .net 4cnw .ru ibxdxl-cash .net 90mc .ru iogp .ru 998flash .cn jbalafhkewo7i487fksd .info jvke .ru jbalbfhkewo7i487fksd .info adwbn .ru jbalcfhkewo7i487fksd .info adwr .ru jbaldfhkewo7i487fksd .info bcash-ddt .net advancedxpdefender .com bddr-cash .net bmakemegood24 .com keec .ru bperfectchoice1 .com bnrc .ru cbparfectchoice1 .com keje .ru licensingvideo .com cashtransfers .eu cbpbrfectchoice1 .com cashtransfers .tk lodse .ru lkc2 .ru movieexternal .com vcre .ru rcdplc .ru d5sg .ru fastupdateservice .com estplanete .com sdkj .ru estvirtuel .com sid57 .tk rrcs .ru sslwer .ru fixproblems .ru type53 .eu fixredirector .ru uinticket .net gb53 .ru xpsecuritycenter .com h23f .ru veryhodownload .com jex5 .ru xnibi .com
Contact us if you want to help keep the Malware Blocklist current.
domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Asprox and Storm Worm Domains
Some ASPROX SQL injection domains and storm worm domains to add to your blocklists.
Sources include www.dynamoo.com/blog/, www.sudosecure.net and others:
addrl .com americanmedicalguide .eu adpzo .com advancedcaremedical .eu korfd .ru medicalhealthdeath .eu aetopoulos .de medicaljobsgroup .eu lovelifecash .com medicalworldinc .eu bphostdomains .com medicalworldlink .eu brcporb .ru onlineregistryscan .org btoperc .ru themedicalmarket .eu cdport .eu updates .advert-network .com fixaserver .ru verynicebank .com gbradde .tk wellnesssurgical .eu gitporg .com win-x-defender .com grtsel .ru womenmedicalcenter .eu
Contact us if you want to help keep the Malware Blocklist current.
domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!