Fraud, Scam, Spyeye, Zeus

Posted on September 30th, 2011 in New Domains,Spyeye,zeus by dglosser

Added 100 Fraud, Scam, Spyeye, Zeus and other malicious domains. Sources include xylibox.blogspot.com, vxvault.siri-urz.net, blog.dynamoo.com (every source is listed in the domains.txt file).


Please contact us regarding a dedicated mirror for compressed files…  The files will be in zip format.


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

The domains.txt file is the complete list along with the original reference.
The justdomains file contains only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANs, and others…

Research Articles

Posted on September 26th, 2011 in News by dglosser

Occasionally this list is used as part of research into malware and domain security.   Please drop us a note if you find such a reference in an article or presentation; if you are the author, let us know.

Two papers we’ve become aware of:

Understanding the Prevalence and Use of Alternative Plans in Malware with Network Games - http://www.cc.gatech.edu/~ynadji3/docs/pubs/gzaraid2011.pdf

A Demonstration of DNS3: a Semantic-Aware DNS Service – http://iswc2011.semanticweb.org/fileadmin/iswc/Papers/PostersDemos/iswc11pd_submission_106.pdf

Compressed Files for Downloads

Posted on September 24th, 2011 in Domain News by dglosser

A few people have mentioned that we should consider compressing the files on our servers and having the end user uncompress them.

If you are willing to test this, please contact us and we’ll point you to a dedicated server.  The files will be in zip format. Thanks.

Small but important update: 64 domains added

Posted on September 23rd, 2011 in New Domains by dglosser

Added 64 Buterat, SQL injection and other malicious domains. Sources include amada.abuse.ch, www.siteadvisor.com, support.clean-mx.de

(Every source is listed in the domains.txt file)

Reminder: The zone and text files are ONLY available from a mirror and are not available from the main site!!

New Mirror: mirror2.malwaredomains.com

Posted on September 22nd, 2011 in Domain News by dglosser

The fine folks at it-mate.co.uk have set up a new mirror for us.

mirror2.malwaredomains.com

Please test. Also, please remember to use the datestamp or timestamp files to check if there’s a new file BEFORE downloading any other files.

Here is a shell script someone has written to do just that: update-blackhole.sh. Please test it, improve upon it, etc.

We are also discussing internally options like BitTorrent, jigdo, serving info via DNS, serving only the updates, compressing the files via gzip or bz2, etc.

We are truly appreciative and humbled by the support we’ve received. (Except for the one site which was using our files as part of a “speed test” – no thanks for you) …

Download Abuse

Posted on September 21st, 2011 in Domain News by dglosser

How can a single ip address download 100 MB in a 24 hour period??

How come we have dozens of ip addresses doing this??

These ip addresses have been blocked.

The files datestamp and timestamp were set up to increment whenever a new file is loaded.   Please use them.

Again, p-l-e-a-s-e limit your downloads to once every 12 hours or your ip address will be banned.
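
A polite updater along the lines requested above, as an added example (it is not the site's update-blackhole.sh and not code from this blog): it polls at most once every 12 hours, fetches the small timestamp file first, and downloads the list only when that file has changed. The `/files` path on the mirror, the state directory and the function names are assumptions; only the mirror host and the file names `timestamp` and `justdomains` come from the page.

```shell
#!/bin/sh
# Added example, not the site's update-blackhole.sh.
# Assumed: the /files path, the state directory, all function names.
MIRROR="${MIRROR:-http://mirror2.malwaredomains.com/files}"
STATE="${STATE:-$HOME/.malwaredomains}"
MIN_INTERVAL=43200   # 12 hours in seconds, the limit the site asks for

# fetch URL DEST: download one file (replace this function to test offline).
fetch() { curl -fsS --max-time 60 -o "$2" "$1"; }

# interval_ok NOW: succeeds if MIN_INTERVAL seconds have passed since last poll.
interval_ok() {
    last=0
    if [ -f "$STATE/last_poll" ]; then last=$(cat "$STATE/last_poll"); fi
    [ $(( $1 - last )) -ge "$MIN_INTERVAL" ]
}

# update_blocklist NOW: prints skipped, unchanged, updated or error.
update_blocklist() {
    now=$1
    mkdir -p "$STATE"
    if ! interval_ok "$now"; then echo skipped; return 0; fi
    # Record the attempt first so that failed runs are rate-limited too.
    echo "$now" > "$STATE/last_poll"
    if ! fetch "$MIRROR/timestamp" "$STATE/timestamp.new"; then
        echo error; return 1
    fi
    # Same marker as last time: nothing new, so skip the large download.
    if [ -f "$STATE/timestamp" ] &&
       cmp -s "$STATE/timestamp" "$STATE/timestamp.new"; then
        rm -f "$STATE/timestamp.new"; echo unchanged; return 0
    fi
    if ! fetch "$MIRROR/justdomains" "$STATE/justdomains.new" ||
       [ ! -s "$STATE/justdomains.new" ]; then
        # Keep the old list rather than install an empty or failed download.
        rm -f "$STATE/justdomains.new" "$STATE/timestamp.new"
        echo error; return 1
    fi
    mv "$STATE/justdomains.new" "$STATE/justdomains"
    mv "$STATE/timestamp.new" "$STATE/timestamp"
    echo updated
}

# Run from cron as: update.sh run
if [ "${1:-}" = run ]; then update_blocklist "$(date +%s)"; fi
```

Because the poll time is written before any request is made, even a cron entry that fires hourly sends at most one small request per 12 hours.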

Download limits

Posted on September 19th, 2011 in Domain News by dglosser

We are finding many hourly (or more often) pulls of our zone and text files.  Please limit all automated downloads to once every 12 hours or the ip address will be banned. We cannot afford the bandwidth costs!

Mirror Update: Please Test

Posted on September 18th, 2011 in Domain News by dglosser

The new mirror seems to be up; DNS will take a while to finish pointing to the new server… Please test and let us know if things are working. Thanks.

Update #2: New Mirror

Posted on September 18th, 2011 in Donate by dglosser

We are setting up a new mirror. It will take a while for DNS to propagate. Details to follow…

Update: mirror issues

Posted on September 18th, 2011 in Domain News by dglosser

Our clueless hosting provider for the main mirror refuses to acknowledge that there’s a problem on their end. They are blaming (a) Internet Explorer, (b) our ISP, (c) the internet.

We explained that the problem happens in multiple browsers. We explained that we’ve tried from different ISPs, etc.

Time to find a new web host for the main mirror.

No scripts, a lot of static files, a lot of downloads and a lot of bandwidth is needed. Low-cost, as all hosting costs are out-of-pocket.

Any suggestions are welcome.