wget -N

Posted on January 31st, 2012 in New Domains by dglosser

Someone informed us that wget has a “-N” option, which asks the server for the last-modified date. If the local file has the same timestamp as the server, or a newer one, the remote file will not be re-fetched. However, if the remote file is more recent, Wget will proceed to fetch it. (http://www.gnu.org/software/wget/manual/wget.html#Download-Options) Please test and let us know how it works out.

Thanks!
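
A sketch of how the “-N” option can be combined with the once-per-12-hours limit requested elsewhere on this blog; this is an added example, not the site's own script. The list location is the mirror2 path given in the Endian post below, while the `http://` scheme, the `.last_check` state file and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not the site's script). The URL path is the one named on this
# page; the http:// scheme and the .last_check state file are assumptions.
LIST_URL="${LIST_URL:-http://mirror2.malwaredomains.com/files/spywaredomains.zones}"
MIN_INTERVAL="${MIN_INTERVAL:-43200}"   # 12 hours, in seconds

# due_for_check STAMP NOW: succeed if the last attempt recorded in STAMP
# is at least MIN_INTERVAL seconds before NOW (or STAMP is missing/corrupt).
due_for_check() {
    stamp=$1
    now=$2
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp")
    case $last in
        ''|*[!0-9]*) return 0 ;;      # unreadable state: treat as never checked
    esac
    [ $((now - last)) -ge "$MIN_INTERVAL" ]
}

# update_list DIR: conditional fetch into DIR, at most once per MIN_INTERVAL.
update_list() {
    dir=$1
    stamp="$dir/.last_check"
    now=$(date +%s)
    if ! due_for_check "$stamp" "$now"; then
        echo "skipped: last check was under ${MIN_INTERVAL}s ago"
        return 0
    fi
    # Record the attempt first so a failing fetch is not retried on every run.
    echo "$now" > "$stamp"
    # -N compares the server's Last-Modified with the local file's mtime and
    # downloads only when the remote copy is newer.
    ( cd "$dir" && wget -N -q "$LIST_URL" )
}

# Run only when asked, e.g. from cron: sh update.sh --run /var/lib/blocklists
if [ "${1:-}" = "--run" ]; then
    update_list "${2:-.}"
fi
```

Because the attempt time is written before the fetch, a cron job that fires every few minutes still contacts the server at most once per interval, even while the server is returning errors.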

Domain Delistings: 1617 Domains Removed

Posted on January 30th, 2012 in Domain News by dglosser

1617 Domains have been removed; 33 domains have been added to the “immortal” domain lists. Please update your blocklists (ONCE per 12 hours, no reason to do it every hour like some people who will be blocked for continuous abuse).

Abuse.ch: Cybercriminals Moving Over To TLD .su

Posted on January 29th, 2012 in General Security by dglosser

According to abuse.ch, cybercriminals are moving from .ru to .su (.su is the top-level domain for the Soviet Union, which no longer exists).

Abuse.ch recommends examining your gateway logs and, if you don’t see any legit .su domains being hit/used in your company, simply blocking .su.
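
One way to do the log review recommended above, as an added example rather than anything from abuse.ch or this site: tally the queried names whose top-level label is exactly `su`, with hit and distinct-client counts, so you can judge whether anything legitimate would be affected by a block. The three-column log format (`epoch client qname`), the function names and the sample lines are constructed assumptions; adapt the field numbers to your gateway's log.

```sh
#!/bin/sh
# Added example: review gateway/DNS logs for .su lookups before blocking the TLD.
# Assumed log format (constructed): "<epoch> <client-ip> <queried-name>"

# su_hits: read log lines on stdin, print "<name> <hits> <distinct clients>"
# for every name under .su, busiest first.
su_hits() {
    awk '
    {
        q = tolower($3)                 # DNS names are case-insensitive
        sub(/\.$/, "", q)               # drop a trailing root dot
        if (q !~ /\.su$/) next          # last label must be exactly "su"
        hits[q]++
        if (!((q, $2) in seen)) {       # count each client once per name
            seen[q, $2] = 1
            clients[q]++
        }
    }
    END { for (d in hits) printf "%s %d %d\n", d, hits[d], clients[d] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample lines; none are real observations.
sample_log() {
    cat <<'EOF'
1327800000 10.0.0.5 www.example.com
1327800010 10.0.0.5 update.example.su
1327800020 10.0.0.9 UPDATE.example.su.
1327800030 10.0.0.9 cdn.example.sub
1327800040 10.0.0.7 su.example.org
1327800050 10.0.0.5 update.example.su
1327800060 10.0.0.7 portal.example2.su
EOF
}

# Run against the sample when asked: sh su_review.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_log | su_hits
fi
```

Names such as `cdn.example.sub` and `su.example.org` are deliberately in the sample: a substring match on "su" would count them, while the anchored pattern does not.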

dns-bh.sagadc.org mirror

Posted on January 28th, 2012 in mirror by dglosser

The mirror at http://dns-bh.sagadc.org, located in Europe, contains both uncompressed and compressed files. Of course, please grab one or the other – not both :)

Trojan.Pidief, redret, phishing domains

Posted on January 27th, 2012 in New Domains by dglosser

Over 150 malicious domains associated with AS47583, Pidief, redret, phishing, etc. have been added. Sources include blog.dynamoo.com, support.clean-mx.de, xylibox.blogspot.com (every source is listed in the domains.txt file).

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any use of this list commercially is strictly prohibited without prior approval.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT (the Web of Trust). Used by SURBL, MOREnet, SANs, and others…

BPhoster, Zeus, Fast Flux…

Posted on January 25th, 2012 in fastflux,New Domains,zeus by dglosser

Added 101 domains associated with BPHoster, Zeus, Fast Flux, Hiloti, iceIX. Sources include amada.abuse.ch, exposure.iseclab.org, www.emergingthreats.net (every source is listed in the domains.txt file). Please update your blocklists/sinkhole and review our Terms of Use.

HostExploit – Q4 2011 Top 50 Bad Hosts and Networks

Posted on January 24th, 2012 in General Security by dglosser

Top 50 Bad Hosts & Networks Q4 2011

HostExploit is pleased to present the Q4 2011 report on the Top 50 Bad Hosts and Networks, in collaboration with Russian security company Group-IB.

The final quarter of 2011 saw AS47583 Hosting Media move up to #1 Bad Host, having been well known in the Top 10 for some time. The Lithuanian-based host was found to be supporting some of the worst types of threats including several botnet-related activities such as Zeus as well as C&C servers, exploit servers, phishing servers, malware and badware.

HostExploit analyzed all 39,796 publicly-advertised Autonomous Systems (including web hosts, commercial networks and registrars) with the results represented in a number of ways. Also included are features on the latest threats such as smartphone infections and the “Dirt Jumper” DDoS botnet.


We’ll be examining domains living on AS47583 and other Bad Hosts and adding them to our blocklist, but you should perform your own research and add them as appropriate.

Attention: Endian Firewall Appliance Users

Posted on January 23rd, 2012 in Bandwidth by dglosser

Your appliance is killing our servers!

Please change all references to www.malwaredomains.com/files/spywaredomains.zones (which does not exist and is currently a redirect) to mirror2.malwaredomains.com/files/spywaredomains.zones IMMEDIATELY.

rbackdoor-pihar, bphoster, htaccessredirect domains

Posted on January 22nd, 2012 in exploit,New Domains,Trojans,zeus by dglosser

Added 110 domains yesterday (forgot to post) associated with bphoster, zeus, drivebys, pihar and other badness. Sources include amada.abuse.ch, google safebrowsing, www.spamhaus.org (every source is listed in the domains.txt file).

Download Abuse

Posted on January 22nd, 2012 in New Domains by dglosser

Some bandwidth abuse statistics for Jan 1-Jan 22, 2012:

One IP in 50.56.126.x range = 1.3 GB data downloaded
One IP in 173.60.198.x range = 1.1 GB data downloaded
One IP in 85.18.188.x range = 1.0 GB data downloaded

You are all blocked — and will remain blocked — until you kindly explain how you managed to download a GB of this data in 22 days and contribute to the bandwidth costs which you have so selfishly abused.