
Site delistings: vipfashiongroup.com & focusinfosoft.com

Posted on June 30th, 2010 in Removed Domains by dglosser

vipfashiongroup.com and focusinfosoft.com have been delisted and will be removed on the next update.

Site Delisting: visionstudio.pl

Posted on June 29th, 2010 in Removed Domains by dglosser

visionstudio.pl has been delisted and will be removed on the next update.

Artro, asprox, zeus, rogue domains…

Posted on June 24th, 2010 in asprox,New Domains,Trojans by dglosser

Artro, asprox, zeus, rogue domains…

Sources include: x.maldb.com, abuse.ch, m86security.com, secuboxlabs.fr.


The malware block lists here are provided free for noncommercial use as part of the fight against malware.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

The Domains.txt file is the complete list along with the original reference.
Justdomains contains only the domain names.
Updates are located at http://www.malwaredomains.com/updates or one of the mirrors.

The full files are located at: http://www.malwaredomains.com/files or one of the mirrors
Primary Mirror: http://mirror1.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also available in AdBlock, ISA, and MaraDNS formats.

A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, and others…

SQL Injection: webserviceget. ru, webservicefull. ru

Posted on June 24th, 2010 in 0day,New Domains by dglosser

From nsmjunkie:

Ongoing Mass SQLi attempts

I’m continuing to see ongoing SQLi attempts using the same injection technique we saw a couple of weeks ago. As one would expect, the third-party site hosting the malicious JavaScript keeps changing. Below is a list of both the source IP addresses of the attempted SQLi attack as well as the script URL they’re trying to inject:

Source IP addresses of SQLi attacks:

86.197.85.243
218.248.42.113

Malicious Script URLs:

hxxp://oem. webserviceget.ru/js.js
hxxp://org. webservicefull.ru/js.js
hxxp://kernel. webserviceget.ru/js.js

Needless to say, please block these domains (and possibly the IPs as well) as soon as you can.

Delisting: xchurch.org.uk and meinedosis.de

Posted on June 24th, 2010 in Removed Domains by dglosser

xchurch.org.uk and meinedosis.de have been delisted and will be removed on the next update.

List cleanup: 1064 domains removed

Posted on June 23rd, 2010 in Domain News,Removed Domains by dglosser

1064 domains have been removed. These removed domains are located in the file removed-domains-20100623.txt.

Please let us know ASAP if any domain needs to be relisted.

128 new zeus, rogue, exploit domains

Posted on June 22nd, 2010 in exploit,New Domains,rogue antivirus,zeus by dglosser

128 new domains associated with exploits, zeus, rogue and other maliciousness:



Urgent block: volgo-marun .cn & sicha-linna8 .com

Posted on June 22nd, 2010 in New Domains by dglosser

From cyberinsecure.com:

The support site of leading Chinese PC manufacturer Lenovo has been compromised by unknown attackers who injected a rogue IFrame into the pages over the weekend. Security researchers warn that unwary visitors looking for drivers are exposed to several exploits that install the Bredolab trojan onto their computers.

The IFrame points to an exploit kit hosted on a domain called volgo-marun .cn. After performing several checks to determine what vulnerable software they had installed on their computer, the visitors were served with exploits targeting older versions of Internet Explorer, Adobe Reader or Adobe Flash player. … and receives commands from C&C server with domain sicha-linna8 .com

site delistings: ropeofsilicon.com, christoncampus.org, exceleronmedical.com

Posted on June 21st, 2010 in Removed Domains by dglosser

ropeofsilicon.com, christoncampus.org, exceleronmedical.com have been delisted and will be removed on the next update.

fake video, exploit, rogue security domains

Posted on June 20th, 2010 in fake codecs,New Domains,rogue antivirus by dglosser

Sources include: paretologic.com, malwaredomainlist.com, malc0de.com:
