DNS-BH Update: 62 new domains

Posted on September 30th, 2008 in asprox,iframes,New Domains,sql injection by dglosser

60+ rogue antivirus, fake security sites, asprox domains.

Sources: sunbeltblog.blogspot.com, ddanchev.blogspot.com, shadowserver.org, and others.

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Domain Delistings: educorp.edu and abmr.net

Posted on September 29th, 2008 in Removed Domains by dglosser

educorp.edu and abmr.net have been delisted.  Please update your blocklists.

ytgw123 (dot) cn – block immediately

Posted on September 29th, 2008 in asprox,Domain News,New Domains by dglosser

The Internet Storm Center has two important articles:

1. 10 signs you might be compromised, and don’t even know it

2. ASPROX mutant

The asprox domain, ytgw123 (dot) cn, is injected via a cookie.

A quick search on Google (hxxp://www.google.com/search?q=ytgw123 – don’t click on any results!) reports that New York Methodist Hospital, quicklogic, and others are infected.

The domain will be added on the next update, but you should not wait.

38 new domains to block

Posted on September 27th, 2008 in asprox,New Domains,zlob by dglosser

Sources: www.malwaredomainlist.com, www.abuse.ch, sunbeltblog.blogspot.com, www.threatexpert.com, and others.

Domain removals: stsearch.com & searchinfo.com

Posted on September 23rd, 2008 in Removed Domains by dglosser

stsearch.com, searchinfo.com, and mastadont.com will be removed on the next update.

Please update your blocklists as well.

42 New Domains to add to blocklists

Posted on September 21st, 2008 in asprox,rogue antivirus,sql injection,zlob by dglosser

Some asprox, zlob, fake security pages, rogue antivirus domains to add to your blocklist.

Sources: www.matchent.com, sunbeltblog.blogspot.com, www.dynamoo.com, and others.


Domain removals: securitystronghold.com and radarsync.com

Posted on September 19th, 2008 in Removed Domains by dglosser

securitystronghold.com and radarsync.com are being removed from the malware domain list on the next update. Please update your blocklists as well.

Site delisting: naver.com

Posted on September 17th, 2008 in Removed Domains by dglosser

Naver.com has been removed from the malware blocklist. Please update your records.

internet-defenses (dot) com: Block immediately

Posted on September 16th, 2008 in Domain News,rogue antivirus by dglosser

SANS reports that some .htaccess files are being overwritten with code to redirect search engines to internet-defenses (dot) com (84.16.252.73) and Prtectionactivescan (dot) com (78.159.118.168). SANS recommends blocking the IPs and domains at your gateway ASAP.

These domains will be added on the next update but you shouldn’t wait…

60 new domains to add to your blackhole domain list

Posted on September 16th, 2008 in asprox,Domain News,fake codecs,New Domains,rogue antivirus,sql injection by dglosser

Rogue antivirus domains, asprox, sql injection domains. Sources: malwaredatabase.net, www.emergingthreats.net, www.matchent.com, www.threatexpert.com, and more.
