MS BOOT Issue

Posted on February 26th, 2009 in New Domains by dglosser

Several weeks ago we added comments to the BOOT and zones files before each update.

We’ve received a report that this crashes Microsoft DNS. Please let us know if this is causing a problem for anyone else. Thanks.

Fake Security, Exploit, Rogue Antivirus and other Malicious Domains…

Posted on February 25th, 2009 in Domain News by dglosser

Exploit domains, rogue antivirus, and fake security sites. Sources include: safelab.spaces.live.com, ilion.blog47.fc2.com, www3.malekal.com, and others.

Contact us if you want to help us keep the Malware Domain Blacklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates.
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on WOT, the Web of Trust!
Used by SURBL, MOREnet, and others…

80 domains to block

Posted on February 21st, 2009 in fake codecs,New Domains,rogue antivirus by dglosser

Domains associated with rogueware, SQL injection, fake codecs, and other malware. Sources include: www.malwaredomainlist.com, sunbeltblog.blogspot.com, www.scanw.com, and others. Note: a file called “datestamp” will now be located in the files directory. This file will contain the date of the last update.

many sql injection, fake codecs, rogue antivirus domains to block

Posted on February 17th, 2009 in Domain News,fake codecs,New Domains,sql injection by dglosser

Over 145 domains to add to your blocklist or malware sinkhole. Sources include: ddanchev.blogspot.com, www.precisesecurity.com, secuboxlabs.fr, and others.

Conficker Worm Resources

Posted on February 14th, 2009 in Conficker,Domain News by dglosser

The Internet Storm Center has a nice summary of Conficker removal instructions and domain blocklists. Resources include:

Downadup.B/Conflicker.B IP generation and domain name predictor tool

http://mnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html

Detecting Conficker in your Network

http://www.cert.at/static/conficker/TR_Conficker_Detection.pdf

Full List of Conficker Domains

http://www.cert.at/static/conficker/all_domains.txt

We have included a list of domains and zone files in DNS-BH format. There are over 90,000 (!) domains, which is too many to include in the main blocklist file. Some may duplicate entries already in the main file, so you may have to manually remove them.

fake antivirus, waledac and other nasty domains

Posted on February 12th, 2009 in asprox,fake codecs,New Domains,rogue antivirus,sql injection by dglosser

Sources include: ilion.blog47.fc2.com, www.afferentsecurity.com, www.shadowserver.org, and others.

Hundreds of trojan and fake security domains

Posted on February 6th, 2009 in Domain News by dglosser

Rogue antivirus, fake security, and trojan domains. Sources include: www.emergingthreats.net, ddanchev.blogspot.com, www.malwaredomainlist.com, and others.

New Hostile Domains to Blacklist

Posted on February 5th, 2009 in Domain News,rogue antivirus by dglosser

Over 80 new rogue antivirus, gozi, and exploit domains. Sources include: www.siteadvisor.com, www.malwaredomainlist.com, www3.malekal.com, and others.
