Feed

Artro, bestpack, morto, zbot domains

Posted on August 31st, 2011 in exploit,New Domains,Trojans,zeus,zlob by dglosser

Added 240 domains associated with zbot, morto. bestpack, etc. Sources include www.spamhaus.org, www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.asp, www.emergingthreats.net, malwareurl.com

(Every source is  listed in the domains.txt file)…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

zbot, trojans, Ponmocup, drivebys… so it goes

Posted on August 24th, 2011 in New Domains,rogue antivirus,Trojans,zlob by dglosser

192 domains associated with zbot, ponmocup, drivebys, spyeye… Sources include amada.abuse.ch, www.emergingthreats.net, www.malwareurl.com (Every source is  listed in the domains.txt file)…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

,

Site Delisting: internetsecure.com

Posted on August 24th, 2011 in Removed Domains by dglosser

internetsecure.com has been delisted and will be removed on tonight’s update

Drivebys, fast flux, botnet, moneymule, etc…

Posted on August 23rd, 2011 in fastflux,MoneyMule,New Domains,Phishing,Spyeye,Trojans,zeus by dglosser

A large update a few days ago which I forgot to add… Over 300 zeus, moneymule, botnet  domains…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

Site Delisting: bajaao.com

Posted on August 19th, 2011 in Removed Domains by dglosser

bajaao.com has been delisted and will be removed on the next update.

Dynamic DNS & Bulk Domain Registrars

Posted on August 18th, 2011 in Bulk Registrars,Domain News by dglosser

Just wanted to point out a few lists we have that are not part of any of our blocklists:

If you have any additional domains which belong to one of these categories, please let us know and we’ll add them.

The Spyware Listening Post is Back!

Posted on August 16th, 2011 in Domain News by dglosser

After a short hiatus the Emerging Threats Spyware Listening Post is back!  (Matt was kind enough to host the first incarnation of the DNS-BH List on his servers many years ago back in the BleedingSnort days).
New capabilities include the ability to emulate and blackhole known command and control channels (more of a dark net project).
All information collected is sanitized and will NEVER be released in an identifiable format. The Spyware Listening Post will collect url, user-agent, domain requested, and http header patterns from HTTP and HTTPS traffic.

You contribution is very appreciated, and will make a direct impact on the quality and diversity of the Emerging Threats  Open rulesets and will help improve the DNS-BH List.

Here’s how to send your data:

http://doc.emergingthreats.net/bin/view/Main/SpywareListeningPost

List Validation: 980 domains removed

Posted on August 16th, 2011 in Domain News,Removed Domains by dglosser

We performed a list recertification  of over 1100 domains. Approximately 980 were removed.

However, this means that about 100 domains, after first being identified as malicious six months ago, are still classified as harmful by google safebrowsing.

These domains were added to our “immortal  malware domain” list, which now contains over 1510 “immortal” malware domains.

zeus, rogues, spyeye, artro, fake job domains…

Posted on August 14th, 2011 in malvertising,MoneyMule,New Domains,rogue antivirus,Spyeye,Trojans,zeus by dglosser

251 domains associated with fake job offers, zeus, fake av, etc. Sources include amada.abuse.ch, blog.dynamoo.com, safebrowsing.google.com, tristatelogic.com  (Every source is  listed in the domains.txt file).

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

artro, fakeav, malspam, zeus domains

Posted on August 10th, 2011 in malspam,New Domains,rogue antivirus,Trojans,zeus by dglosser

Added some artro, fakeav, malspam, zeus domains. Sources include zeustracker.abuse.ch, www.siteadvisor.com, siteinspector.comodo.com, garwarner.blogspot.com

(Every source is  listed in the domains.txt file).

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Starting August 1st, files are ONLY  available via the download mirrors. Main mirror is : http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…