Feed

Weekly List Update

Posted on June 29th, 2016 in locky,New Domains,ransomware,Removed Domains by Adam Shinn

We’ve added 692 domains to the list over the past week. We have seen new variants of ransomware being distributed and more domains downloading locky. These domains are being added to our list as we find them and as others submit them to us. Thank you for using Malware Domains.

Another List Update

Posted on June 22nd, 2016 in New Domains,Removed Domains by Adam Shinn

Over the past two weeks we added 3196 domains to our list and removed 978. Another wave of locky ransomware has surfaced and some new ransomware variants have also popped up. Thanks to the community for sending in submissions. We couldn’t do this without you.

Keeping fighting the good fight.

Malware Domains

Report on Fast Flux ZBot Network

Posted on June 10th, 2016 in Domain News,fastflux,News by Adam Shinn

We’d like to let you know about a report on the crimeware using a fast flux ZBot network.

“A commercially driven fast flux network is facilitating criminal activity such as malware, spam bots, ransomware, carder sites and more…Often, new domains join this botnet only a few days or at most, weeks apart. Some domain names have remained associated with the network for months or years. Parts of the botnet use frequently changing DNS NS records as well as DNS A records. This is generally regarded as “double flux” activity — another layer in hiding the network.”

You can read the full report here: ow.ly/pGEG3012Pe0

List Clean Up

Posted on June 7th, 2016 in New Domains,Removed Domains by Adam Shinn

We have been working to clean our list of outdated and cleaned domains. Last week alone we removed 4461 domains from our list and added 1453. If there is a domain that you would like us to review and delist, please email us at mal3ware5doma6ins@gma3il.com (remove all numbers).

Thank you for using Malware Domains.

List Update

Posted on June 2nd, 2016 in New Domains,Removed Domains by Adam Shinn

Last week (5/22-5/28) we added 1852 domains to the list. 336 domains were removed. 223 of these domains were Locky ransomware downloads or C&C servers contacted by Locky ransomware. 155 domains were a part of a Kraken botnet. Please update to the latest list and thank you for using Malware Domains.

List Update and More Ransomware

Posted on May 27th, 2016 in New Domains by Adam Shinn

Last week we added 571 domains to the list and removed 14. We found Locky ransomware and noticed another wave of Cerber ransomware going around. Distribution of the ransomware usually comes through a malicious doc or javascript file which calls out to a compromised domain hosting the ransomware. These malicious attachments are being sent in spam emails. Take care when opening unsolicited email attachments.

Thank you for using Malware Domains.

List Updated

Posted on May 18th, 2016 in New Domains,Removed Domains by Adam Shinn

Added 1402 domains to the list and removed 1129 this past week. Many of these domains were phishing scams and fake virus pages. Thanks to the community who has contributed to this list over the past week.

List Update

Posted on May 10th, 2016 in New Domains,Removed Domains by Adam Shinn

This past week we added 1561 domains to the list and removed 6.
Once again, a lot of these domains are hosting Locky ransowmare. Stay safe out there.

Malware Domains

List Update

Posted on May 4th, 2016 in New Domains,Removed Domains by Adam Shinn

Last week we added 457 new domains to the list and removed 9.
We saw another wave of Locky ransomware and Dridex over this past week. Stay safe.

Thank you for using Malware Domains.

New HTTPS mirrors

Posted on May 4th, 2016 in New Domains by Adam Shinn

Thanks to Ernesto Pérez and Paul Bernal of CEDIA for hosting two more mirrors with https. Links to these mirrors can be found on our mirrors page: http://www.malwaredomains.com/?page_id=29