Weekly List Update

Posted on June 29th, 2016 in locky,New Domains,ransomware,Removed Domains by ashinn

We’ve added 692 domains to the list over the past week. We have seen new variants of ransomware being distributed and more domains downloading locky. These domains are being added to our list as we find them and as others submit them to us. Thank you for using Malware Domains.

Another List Update

Posted on June 22nd, 2016 in New Domains,Removed Domains by ashinn

Over the past two weeks we added 3196 domains to our list and removed 978. Another wave of locky ransomware has surfaced and some new ransomware variants have also popped up. Thanks to the community for sending in submissions. We couldn’t do this without you.

Keeping fighting the good fight.

Malware Domains

Report on Fast Flux ZBot Network

Posted on June 10th, 2016 in Domain News,fastflux,News by ashinn

We’d like to let you know about a report on the crimeware using a fast flux ZBot network.

“A commercially driven fast flux network is facilitating criminal activity such as malware, spam bots, ransomware, carder sites and more…Often, new domains join this botnet only a few days or at most, weeks apart. Some domain names have remained associated with the network for months or years. Parts of the botnet use frequently changing DNS NS records as well as DNS A records. This is generally regarded as “double flux” activity — another layer in hiding the network.”

You can read the full report here: ow.ly/pGEG3012Pe0

List Clean Up

Posted on June 7th, 2016 in New Domains,Removed Domains by ashinn

We have been working to clean our list of outdated and cleaned domains. Last week alone we removed 4461 domains from our list and added 1453. If there is a domain that you would like us to review and delist, please email us at mal3ware5doma6ins@gma3il.com (remove all numbers).

Thank you for using Malware Domains.

List Update

Posted on June 2nd, 2016 in New Domains,Removed Domains by ashinn

Last week (5/22-5/28) we added 1852 domains to the list. 336 domains were removed. 223 of these domains were Locky ransomware downloads or C&C servers contacted by Locky ransomware. 155 domains were a part of a Kraken botnet. Please update to the latest list and thank you for using Malware Domains.