
adblock plus issue

Posted on June 30th, 2012 in New Domains by dglosser

We were just notified that adblock plus subscription is not updating… we are working on the issue and will let you know when it is fixed.

June 27 update – BH Exploit Kit, Run Forest Run, Fareit domains

Posted on June 28th, 2012 in BH Exploit Kit,exploit,New Domains by dglosser

A small but important update with some Fareit, Run Forest Run, and BH Exploit Kit domains. Sources include blog.eset.com, microsoft.com, blog.urlvoid.com and others (all sources are listed in our domain.txt file).

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can: all donations go to hosting and infrastructure costs.
* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains a list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format. Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT (the Web of Trust). Used by SURBL, MOREnet, SANS, and others…

Runforestrun update

Posted on June 26th, 2012 in 0day,exploit by dglosser

Old versions of Plesk store passwords in clear text
->   http://blog.unmaskparasites.com/2012/06/26/millions-of-website-passwords-stored-in-plain-text-in-plesk-panel/

There is a remote SQL vulnerability that has been found in old versions of Plesk allowing attackers to exploit those passwords.
-> http://kb.parallels.com/en/113321

Combine these two and what do you get? Malware, of course.

Plesk Vulnerability Leading to Malware
http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html

Runforestrun and Pseudo Random Domains
http://blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/

Run, Forest! (Update) – block 95.211.27.206

https://isc.sans.edu/diary/Run+Forest+Update+/13561

We’ve added a bunch of these domains, but you should check the resources above for the rest, as well as for new IP addresses to block.

(Thanks to Jack W. for keeping us up-to-date on these developments.)

Virustotal and DNS-BH Malware Domain Blocklist

Posted on June 26th, 2012 in Domain News by dglosser

We are proud to announce that VirusTotal has integrated our list into their URL scanning engine.

http://blog.virustotal.com/2012/06/virustotal-malware-domain-blocklist.html

Since we don’t store full URLs, it’s in the “additional information” field. Thanks to the good folks at VirusTotal for making this happen!

Two updates: runforestrun, iceix, rogues, malvertising, malspam domains…

Posted on June 25th, 2012 in 0day,malvertising,New Domains,rogue antivirus,spam by dglosser

Two recent updates, adding over 230 domains associated with RunForestRun, IceIX, malicious spam, malicious advertising, etc. Sources include www.malwaredomainlist.com, isc.sans.org, hosts-file.net and many more (all sources are listed in our domain.txt file).

Over 2000 domains removed

Posted on June 20th, 2012 in New Domains,Removed Domains by dglosser

Added a few domains, but removed over 2000 older domains. Please update your blocklists.

Vulnerabilityqueerprocessbrittleness

Posted on June 19th, 2012 in 0day,rogue antivirus by dglosser

The Internet Storm Center lists a bunch of fake antivirus domains. Several are already part of our list; we’ll be adding the rest in tonight’s update. We would appreciate it if someone could point us to a publicly available full list….

Site Delisting: ryactive.com

Posted on June 18th, 2012 in Removed Domains by dglosser

ryactive.com has been delisted and will be removed on the next update.

zeroaccess, malspam, blackhole exploit domains

Posted on June 17th, 2012 in BH Exploit Kit,malspam,New Domains,Phishing,Trojans by dglosser

Added domains associated with BH exploits, malicious spam, ZeroAccess and other trojans. Sources include labs.sucuri.net, hosts-file.net, blog.dynamoo.com. Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one of our download mirrors.

malvertising, malicious javascript, trojans…

Posted on June 13th, 2012 in exploit,malvertising,New Domains,Trojans,zeus by dglosser

Added over 140 domains associated with trojans, SQL injection, malvertising, etc. Sources include www.xylibox.com, safebrowsing.clients.google.com, blog.dynamoo.com and others (all sources are listed in our domain.txt file).
