Huge Update: 1108 Domains

Posted on November 16th, 2014 in New Domains by dglosser

This week’s “haul” was a total of 1412 domains.

Last night, we added angler, fiesta, kein, simda, zeus and other types of badness you don’t want visiting your computer or corporate network… 1108 domains… added from pwnedlist, joxeankoret, zeustracker, threatexpert and others (all domains and sources are listed in our domains.txt file).

* Reminder: Starting on Dec 1st, we will no longer be publishing the individual “update” files (which are located in the “/update” folder)

* Please help to keep this site free and donate whatever you can: All donations go to hosting and infrastructure costs
* twitter page: https://twitter.com/malwaredomains

* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of these lists is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” files to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.
* Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT – the Web of Trust. Used by SURBL, MOREnet, SANs, and others…
* We also have a mirror dedicated to research and Open Source Projects – please contact us for details.

485 New Domains (darkhotel, kins, angler, njRat, H-worm)

Posted on November 15th, 2014 in New Domains by dglosser

Update 11/10 – 162 New Domains
Update 11/14 – 323 New Domains
darkhotel, kins, angler, njRat, H-worm, fake flash

Sources: threatglass.com, www.mwsl.org.cn, malwarehunterteam.com (all domains and sources are listed in our domains.txt file.)


One Million Conficker DGA Domains…

Posted on November 12th, 2014 in New Domains by dglosser

We know Conficker/Downadup is years old, but the sad truth is that many organizations still have machines vulnerable to Conficker.

We’ve uploaded Conficker/Downadup A-B-C-D DGA domains for November 2014… Over a million of them(!), called conficker_201411xx.zip (Zip file format only).

These domains are NOT added to any master list. The files are NOT “set it and forget it”… They need to be cleaned up a bit (for example, of any comments).

As with any of our lists, use at your own risk (in this case, especially the risk of false positives or blowing up your DNS server).

Sources:
http://net.cs.uni-bonn.de/wg/cs/applications/containing-conficker/
https://www.alienvault.com/open-threat-exchange/blog/detecting-malware-domains-by-syntax-heuristics

Two Requests:

  • PLEASE let us know if this is useful in any way and if we should continue this exercise for December and January’s Conficker Domains.
  • PLEASE let us know if there are any available lists or sources of DGA domains or DGA domain algorithms.

181 new domains – njrat, fake jobs, malspam

Posted on November 10th, 2014 in New Domains by dglosser

Added 181 domains associated with fake jobs, malicious spam, njrat, and other badness. Sources: cybertracker.malwarehunterteam.com, malwareurls.joxeankoret.com, threatglass.com and others (all domains and sources are listed in our domains.txt file.)


CritX, rovnix, GOZ, wirelurker domains

Posted on November 9th, 2014 in New Domains by dglosser

Added 119 domains associated with WireLurker, GOZ, CritX, Rovnix and others. Sources include malwareurls.joxeankoret.com, blog.malwarebytes.org, www.paloaltonetworks.com (all domains and sources are listed in our domains.txt file.)


Reminder: Starting Dec 1st, separate update files will no longer be published

Posted on November 8th, 2014 in New Domains by dglosser

Starting on Dec 1st, we will no longer be publishing the individual “update” files (which are located in the “/update” folder).

The vast majority of users are simply pulling from the main lists. Please update any scripts you may have before December 1st.

359 New Domains

Posted on November 6th, 2014 in New Domains by dglosser

Added 359 new malicious domains. Sources: www.mwsl.org.cn, malwareurls.joxeankoret.com. (all domains and sources are listed in our domains.txt file.)


rogue pharmacy, fake support and other malicious domains

Posted on November 5th, 2014 in New Domains by dglosser

Added 133 domains (fake support pages, fake pharmacy pages, malware) from www.spam404.com, safeweb.norton.com, hosts-file.net and others (all domains and sources are listed in our domains.txt file.)


tinba, zeus, goz domains added

Posted on November 3rd, 2014 in New Domains by dglosser

Added 104 domains (tinba, goz, etc) from zeustracker, trendmicro, bambenekconsulting and others (all domains and sources are listed in our domains.txt file.)


Recent Updates – almost 1000 domains added

Posted on November 1st, 2014 in New Domains by dglosser

10/29 – 650 domains added
10/31 – 359 domains added

Sources: www.spamhaus.org, blog.malwarebytes.org, pwc.blogs.com, malwareurls.joxeankoret.com, www.mwsl.org and others. (all domains and sources are listed in our domains.txt file.)
