
site delisting: dubbo-nsw.info

Posted on July 30th, 2011 in New Domains,Removed Domains by dglosser

Reminder:   Starting on August 1st, the zone and text files will ONLY be available from a mirror and will no longer be available on the main site!!


dubbo-nsw.info has been delisted and will be removed in the next update


265 new domains

Posted on July 27th, 2011 in exploit,fake codecs,malspam,New Domains,rogue antivirus by dglosser

ramnit, palevo, rogue, fake codec domains were added. Sources include vxvault.siri-urz.net, www.threatexpert.com, garwarner.blogspot.com

(Every source is  listed in the domains.txt file).

Reminder: Starting on August 1st, the zone and text files will ONLY be available from a mirror and will no longer be available on the main site!!


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

The Domains.txt file is the complete list along with the original reference.
Justdomains contains a list of only the domain names.

Starting August 1st, files are ONLY available via the download mirrors. The main mirror is: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT (the Web of Trust). Used by SURBL, MOREnet, SANS, and others…


willysy .com Mass Injection

Posted on July 26th, 2011 in 0day,Domain News,exploit by dglosser

Armorize reports on a mass injection of 90,000 infected pages. The injected iframe points to willysy .com.

We’ll be adding those domains on tonight’s update, but please read the article and take immediate action if you can.

Site delisting: xa.yimg.com

Posted on July 26th, 2011 in Removed Domains by dglosser

xa.yimg.com has been delisted.

Reminder: only use one of the mirrors when pulling the text or zone files… Do not use the main site. Thank you for your cooperation.



179 New Palevo, Zeus, Rogue Security, iframe Domains

Posted on July 24th, 2011 in iframes,New Domains,rogue antivirus,Spyeye,Trojans,zeus by dglosser

179 domains containing malicious javascript, malicious iframes, exploits, zeus, palevo, fake security… Sources include amada.abuse.ch, doc.emergingthreats.net, malc0de.com, and others (every source is listed in the domains.txt file).

Reminder: Starting on August 1st, the zone and text files will ONLY be available from a mirror and will no longer be available on the main site!!




Server Load – Use Mirrors for downloading files

Posted on July 21st, 2011 in Domain News by dglosser

The load on the main www.malwaredomains.com site continues to grow and there have been disruptions of service…

If you haven’t already done so, please make sure that the zone files and text files are only downloaded from one of our mirrors and NOT the main site.

Starting on August 1st, the zone and text files will ONLY be available from a mirror and will no longer be available on the main site.


Site Delisting: sharewareconnection.com

Posted on July 20th, 2011 in Removed Domains by dglosser

sharewareconnection.com has been delisted and will be removed on the next update

180 New TDL3/TDSS Botnet, cycbot, exploit, rogue domains

Posted on July 18th, 2011 in exploit,New Domains,RBN,rogue antivirus,Trojans,zeus by dglosser

Added 180 domains associated with fake security/scareware, rbn, TDSS/TDL3, TDSS4 etc. Sources include securehomenetworks.blogspot.com, scrapbook.zscaler.com, blog.eset.com and others (every source is listed in the domains.txt file).



exploit, gbot, rbn, worms… 195 New Domains to Block

Posted on July 16th, 2011 in exploit,RBN,Trojans by dglosser

195 new malicious domains associated with exploits, rbn, gbot and other badness to add to your shun or blacklist. Sources include www.malwareblacklist.com, support.clean-mx.de, securehomenetworks.blogspot.com, riskanalytics.com, safebrowsing.google.com (every source is listed in the domains.txt file).

As mentioned in the previous post, one of these domains is cw . cm, which means there will be some overlap in our blocklist until we finish cleaning up the individual entries.


cw.cm and google

Posted on July 15th, 2011 in Domain News by dglosser

Google has listed the entire cw.cm “domain” as harmful. We will be listing it here as well. There are about a dozen or so hosts already listed with that suffix, which may cause a problem for those of you running the DNS-BH Blocklist on a proxy server until we finish cleaning up and removing those subdomains.
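
For consumers who want to remove the overlap locally while the cleanup is pending, here is an added example (not part of the original post and not DNS-BH's own tooling) that drops entries already covered by a listed parent such as cw.cm. It assumes a Justdomains-style input of one domain per line; the host labels and the `.example` names are constructed sample data.

```python
def normalize(name):
    """Lower-case, trim whitespace and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_covered(name, listed):
    """True if a proper ancestor of `name` is in `listed`.

    Ancestors are compared label by label, so 'notcw.cm' is NOT treated
    as a subdomain of 'cw.cm' even though the strings share a suffix.
    """
    labels = name.split(".")
    return any(".".join(labels[i:]) in listed for i in range(1, len(labels)))


def collapse(entries):
    """Return (kept, dropped) with input order preserved.

    `dropped` holds entries made redundant by a listed parent domain;
    blank lines, '#' comments and exact duplicates are skipped.
    """
    names, seen = [], set()
    for raw in entries:
        n = normalize(raw)
        if n and not n.startswith("#") and n not in seen:
            seen.add(n)
            names.append(n)
    kept = [n for n in names if not is_covered(n, seen)]
    dropped = [n for n in names if is_covered(n, seen)]
    return kept, dropped


# Constructed sample list: only cw.cm itself comes from the post.
SAMPLE = [
    "# constructed sample entries",
    "host-a.cw.cm",
    "host-b.cw.cm",
    "CW.CM.",            # parent listed later, in mixed case with root dot
    "notcw.cm",          # shares a string suffix but is a different domain
    "www.blocked.example",
    "blocked.example",
    "other.example",
    "",
]

if __name__ == "__main__":
    kept, dropped = collapse(SAMPLE)
    print("kept:   ", kept)
    print("dropped:", dropped)
```

Reviewing the `dropped` list before applying the result shows exactly which individual hosts the parent entry replaces.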