DNS-BH Update: 175 Malicious Sites

Posted on December 30th, 2010 in exploit,New Domains,Trojans,zeus by dglosser

175 malicious sites — PDF Exploits, mebroot, Sinowal, Zeus, ransomware… Sources include malwareurl.com, support.clean-mx.de, securehomenetworks.blogspot.com (every source is always listed in the domains.txt file).

The malware block lists provided here are free for noncommercial use as part of the fight against malware.

Any use of this list commercially is strictly prohibited without prior approval.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

The domains.txt file is the complete list along with original reference.
The justdomains file contains only the domain names.

Please download files from the mirror if possible: http://mirror1.malwaredomains.com/files/

The BOOT file is in MS DNS format. The spywaredomains.zones file is in BIND format.

Also available in AdBlock, ISA, and MaraDNS formats.

A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

1481 long-lived malware domains

Posted on December 29th, 2010 in Domain News by dglosser

1481 long-lived malware domains active for at least 90 days

850 active for at least 6 months

500 active for over a year

Full list, sorted by number of days on our blocklist, is located here.

Site delisting: anyhub.net

Posted on December 28th, 2010 in Removed Domains by dglosser

anyhub.net has been delisted and will be removed on the next update.

Site delistings: 1107 domains removed

Posted on December 28th, 2010 in Removed Domains by dglosser

1107 domains have been removed. Please update your blocklists.

Dec 24 update – zeus, Sinowal, moneymule domains

Posted on December 25th, 2010 in New Domains,rogue antivirus,Trojans,zeus by dglosser

Domains associated with Zeus, moneymules, Sinowal, exploits and more… Sources include www.malwaredomainlist.com, securehomenetworks.blogspot.com, vxvault.siri-urz.net (every source is always listed in the domains.txt file).

1444 Longest Lived Malware Domains

Posted on December 22nd, 2010 in Domain News by dglosser

The file longest-lived-malware-domains.txt (available here and here) contains a list of 1444 domains which have been on the DNS-BH list for longer than 60 days.

472 have been on the DNS-BH list for more than a year.

Dec 21 Update: 172 domains to block

Posted on December 21st, 2010 in exploit,malspam,New Domains,Trojans by dglosser

Malvertising, exploit, phishing, and other malicious sites to block or shun. Sources include blog.armorize.com, security.thejoshmeister.com, vxvault.siri-urz.net/URL_List.php, safebrowsing.google.com (every source is always listed in the domains.txt file).

MalNET

Posted on December 20th, 2010 in Domain News by dglosser

From byteninja.net:

MalNET serves as a low interaction HTTP server which responds with a ‘200 OK’ for every request. When a malware attempts to retrieve http://bad.malwaredomain.com/som/bad/file.exe, MalNET basically says ‘yep, OK, here it is’ and then does nothing. To make this work you will need to run some sort of blackhole DNS setup in your environment such as the one on offer from malwaredomains.com. Once you have traffic redirected to your MalNET host, you should be able to see what the malware is trying to download.

List Cleanup: 1007 domains removed

Posted on December 19th, 2010 in Removed Domains by dglosser

1007 domains have been removed from the DNS-BH malware domain blocklist.

The list of removed domains is available at: http://www.malwaredomains.com/files/removed-domains-20101219.txt

mebroot/torpig, fastflux, botnet sites to block

Posted on December 17th, 2010 in iframes,New Domains,Trojans by dglosser

130 malicious sites and domains (torpig, mebroot, fastflux, botnet, etc.). Sources include secuboxlabs.fr, zeustracker.abuse.ch, wam.dasient.com (every source is always listed in the domains.txt file).
