Malware Black Hole Update

Posted on July 29th, 2009 in exploit,New Domains,Trojans by dglosser

Added some Zeus, Mebroot, and other malicious domains. Sources include www.web2secure.com, malwaredomainlist.com and others.

Read this page if you want to report a false positive.
The Domains.txt file is the complete list along with the original reference.
New: Justdomains contains a list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates.
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on the WOT-the Web of Trust!

Used by SURBL, MOREnet, and others…

DNS BlackHole Update: 195 new domains

Posted on July 25th, 2009 in New Domains,rogue antivirus,trojan,Trojans by dglosser

195 new domains added. Sources include www.malwaredomainlist.com, www.malwareurl.com, ddanchev.blogspot.com, and others.

250+ Domains to Blacklist

Posted on July 19th, 2009 in New Domains,rogue antivirus,trojan by dglosser

Over 250 domains to add to your DNS blocklist. Sources include www.malwaredomainlist.com, blackip.ustc.edu.cn, malwaredatabase.net, and ddanchev.blogspot.com.

Over 220 new domains added

Posted on July 16th, 2009 in 0day,exploit,New Domains by dglosser

Some more 0day domains, some exploit domains, and domains listed in www.malwareurl.com.

List cleanup: over 300 domains removed

Posted on July 15th, 2009 in Domain News,Removed Domains by dglosser

Over 300 older domains removed as well as the two false positives mentioned earlier. Domains are listed in the “diff” file located in the www.malwaredomains.com/files directory.

False Positives: netvibes.com, blog.segu-info.com.ar

Posted on July 15th, 2009 in Removed Domains by dglosser

The Internet Storm Center has listed netvibes.com and blog.segu-info.com.ar as false positives for the IE 0-day. These domains will be removed tonight from our lists.

Please remove them from your blocklists as soon as possible.

Huge 0day domain update

Posted on July 13th, 2009 in 0day,exploit,New Domains by dglosser

Over 120 0-day exploit domains added.  Source: http://isc.sans.org/diary.html?storyid=6739

Vulnerability in Microsoft Office Domains: Web Components Control Could Allow Remote Code Execution

Posted on July 13th, 2009 in 0day,Domain News,New Domains by dglosser

The Internet Storm Center has added three new domains to their list of “0-day” domains:

www. fdsdffdfsf. cn
a444. dnf5. com
www. hi2i. cn

fdsdffdfsf . cn, dnf5 . com and hi2i . cn will be added to the blocklist tonight but you should not wait…

HUGE Update: Over 500 malicious domains added

Posted on July 9th, 2009 in New Domains by dglosser

Over 500 domains added, too many to list. Please see the files in the http://www.malwaredomains.com/updates directory.

microsotf-dot-cn and myb88-dot-com: block immediately

Posted on July 9th, 2009 in 0day,Domain News,iframes by dglosser

We’ve received reports that the domain microsotf . cn is being used in the latest drive-by downloads (see http://olegvolk.livejournal.com/628779.html for example).

Also, myb88 . com is being injected into sites. See http://www.google.com/search?q=myb88.com/t.js (but don’t click on any of the links!!)

Domains will be added on the next update, but you should block immediately….