
Java 0-Day Domains, BH Exploit Kit Domains, other malicious domains

Posted on August 28th, 2012 in 0day,BH Exploit Kit,exploit,New Domains by dglosser

Added domains associated with the Java 0-day, Blackhole Exploit Kit, and other badness. Sources include labs.sucuri.net, blog.fireeye.com, and www.spamhaus.org (all sources are listed in our domain.txt file).

NO ZONE FILES ARE LOCATED ON THIS SITE. Users and IP addresses which repeatedly attempt to download zone files directly from this site will be banned from all downloads.

* Please help to keep this site free and donate whatever you can: all donations go to hosting and infrastructure costs.
* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” files to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and a link back to your site will be placed in the left sidebar.
* The Domains.txt file is the complete list along with the original reference. Justdomains contains only the domain names. The BOOT file is in MS DNS format. The Malwaredomains.zones file is in BIND format. Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

Endian Firewall Users – Urgent Update

Posted on August 28th, 2012 in Bandwidth by dglosser

All references to www.malwaredomains.com/files/spywaredomains.zones need to be changed to mirror1.malwaredomains.com/files/malwaredomains.zones IMMEDIATELY!

The line DNSMASQ_BLACKHOLE_REDIRECT in /var/efw/dnsmasq/default needs to be changed to 127.0.0.1 or 0.0.0.0 IMMEDIATELY.

Users and IP addresses which repeatedly attempt to download zone files directly from this site (the majority of which are misconfigured Endian users) will be banned.
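
A way to check a settings file for both problems named above, as an added example that is not part of the original post or of Endian's own tooling. It assumes the file holds KEY=value lines, which the post does not confirm.

```shell
#!/bin/sh
# Added example: audit an Endian dnsmasq settings file for the retired
# zone-file URL and for a blackhole redirect other than 127.0.0.1 / 0.0.0.0.
# Assumption: settings are stored as KEY=value lines.

OLD_URL='www.malwaredomains.com/files/spywaredomains.zones'
NEW_URL='mirror1.malwaredomains.com/files/malwaredomains.zones'

# audit_efw_config FILE
# Prints one finding per problem.
# Returns 0 if clean, 1 if something needs fixing, 2 if FILE is unreadable.
audit_efw_config() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    bad=0

    # Any remaining reference to the retired URL (matching lines are printed).
    if grep -F -n -- "$OLD_URL" "$conf"; then
        echo "FIX: replace $OLD_URL with $NEW_URL"
        bad=1
    fi

    # Take the last assignment of the key; strip quotes, blanks and CRs.
    redirect=$(sed -n 's/^[[:space:]]*DNSMASQ_BLACKHOLE_REDIRECT[[:space:]]*=[[:space:]]*//p' "$conf" \
        | tail -n 1 | tr -d "\"' \t\r")
    case $redirect in
        127.0.0.1|0.0.0.0) ;;
        '') echo "FIX: DNSMASQ_BLACKHOLE_REDIRECT not found in $conf"; bad=1 ;;
        *)  echo "FIX: DNSMASQ_BLACKHOLE_REDIRECT=$redirect, expected 127.0.0.1 or 0.0.0.0"; bad=1 ;;
    esac
    return $bad
}

# Run against a file when one is given, e.g. /var/efw/dnsmasq/default
if [ $# -gt 0 ]; then
    audit_efw_config "$1"
fi
```

The function only reads the file; any change is left to the administrator.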

DNS-BH Update – 104 new domains

Posted on August 27th, 2012 in New Domains by dglosser

Added 104 new domains from hosts-file.net, safebrowsing.clients.google.com, www.avgthreatlabs.com and others (all sources are listed in our domain.txt file).


Outgoing network traffic & Malicious Activity

Posted on August 23rd, 2012 in New Domains by dglosser

SANS has a nice write-up about analyzing outgoing network traffic to identify malicious activity. They list a bunch of IP blocklists and IP reputation sources.

(We’ve also had two updates since the last post, busy at our real $Jobs…)

August Updates 10 and Aug 8 updates

Posted on August 14th, 2012 in New Domains by dglosser

Just a quick note that there have been updates on August 3rd, 5th, and 10th.

Also, Endian Firewall Users: please update your configuration (see this post) ASAP.


Domains and IPs to Block ASAP

Posted on August 9th, 2012 in 0day,sql injection by dglosser

Two posts from the Internet Storm Center:

SQL Injection Lilupophilupop style – Lists about a dozen domains you should immediately add to your blocklists, plus more in Dynamoo's blog.

Zeus/Citadel variant causing issues in the Netherlands – Follow the links and block those IP addresses.

Attn: Endian Firewall Users

Posted on August 7th, 2012 in New Domains by dglosser

Please upgrade immediately!

All references to www.malwaredomains.com/files/spywaredomains.zones need to be changed to mirror1.malwaredomains.com/files/malwaredomains.zones IMMEDIATELY!

The line DNSMASQ_BLACKHOLE_REDIRECT in /var/efw/dnsmasq/default needs to be changed to 127.0.0.1 or 0.0.0.0 IMMEDIATELY.

Regex/fail2ban guru wanted

Posted on August 5th, 2012 in General Security by dglosser

If anyone is familiar with fail2ban/regex and is willing to donate a bit of time, please contact us at 123malware88domains88-at-gmail.com (remove all numbers).

DNS-BH Aug3 Update – relisted domains

Posted on August 3rd, 2012 in relisted by dglosser

Added 203 domains – domains which were at one time delisted but are once again associated with malware.