Feed

100 sites to block

Posted on March 20th, 2009 in Conficker,Domain News,New Domains by dglosser

Sources include  www.malwaredomainlist.com,     atlas.arbor.net, bharath-m-narayan.blogspot.com, safelab.spaces.live.com:

1369zz .com allavers .org
13opd .com angantivirus2009 .com
20-12 .cn angantivirus-2009 .com
35mju .com bestbreakingfree .com
3f4wws .cn bestfiresfull .com
423adobe .com betstarwager .cn
51gouwu .net biglendlive .info
545adobe .com breakingfreemichigan .
675adobe .com breakingkingnews .com
685adobe .com checkclick-download .info
94saomm .com checkclick-site .info
9605 .net .cn clickcouner .cn
987adobe .com ddroomabartcc .com
a77e1468 .biz densitytrim .net
asd12 .com dgmeifeng .cn
asd6u .com dirtysellers .com
baby178 .com dl .shuangfei .info
bhj4w .com dollarrevenue .com
cfrsc .com download-antivirus2010 .info
dsews .com fileuploader .com
epeiy .com filmlifemusicsite .cn
fc0921 .cn gamecentersolution .com
fdsewwe .cn globalstats .net
fg67i .com heavenplace .cn
frt7k .com hnhack123 .ww .ybdns .org
fsdfe .com hotnews .xorg .pl
ft5yj .com info4us .info
ghy67 .com ivefound .com
gov9988 .com kaeverak .com
gthju .com keepongoing .info
hhgg3 .com lastcountc .com
hjkio .com lovertoorcn .cn
leepe .cn main-dns .com
lwstats .com mshomegroup .com
rdeg42 .cn namebuyline .cn
rmpezrx .org naranjasdor .com
rtgma .com newsantimalware .com
ruanle88 .cn orderasia .cn
s3f5n .com payvirusmelt .com
sb9835 .cn perfectnamestore .cn
ss-01 .com politicblog .cn
updvms .cn promixgroup .cn
updvms .net returnmyexe .cn
vdmjl .com should-be .cn
vfyte .com stats-analytics .cn
vilknew .com tagged-gallery .com
vippif .com tcpaidui .com
xboxa .com thankyouforsmoking .cn
xorg .pl threatnuker .com
xsert5 .com tntbreakingnews .com
yeziio .cn vad-mortensen .dk
ymlsw .cn virusmelt .com
zlzu .ru virusmeltpro .com
zsde4 .com win-pc-defender .com
aaidu-6661 .com yourbreakingnew .com

Conficker Worm Resources

Posted on February 14th, 2009 in Conficker,Domain News by dglosser

The Internet Storm Center has a nice summary of Conficker removal instructions and domain blocklists.  Resources include:

Downadup.B/Conflicker.B IP generation and domain name predictor tool

http://mnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html

Detecting Conficker in your Network

http://www.cert.at/static/conficker/TR_Conficker_Detection.pdf

Full List of Conficker Domains

http://www.cert.at/static/conficker/all_domains.txt

We have included a list of domains and zone files in DNS-BH format. There are  over 90,000 (!)domains, which is too many to include in the main blocklist file. Some may be duplicates with entries already in the main file, so you may have to manually remove them.

Conficker, Waledac, Fake Security Domains to Block

Posted on January 22nd, 2009 in asprox,New Domains,rogue antivirus,sql injection by dglosser

Lots of domains associated with Conficker, Waledac,  and fake antivirus removal sites.  A few domains associated with sql injection.  Neuter them all.  Thanks to     www.scanw.com/blog, ddanchev.blogspot.com, www.shadowserver.org, and others for providing this information:

3bomb .com 365zhaosheng .com
51much .com antispyknight .biz
706sese .cn antivirus-scan-your-pc .com
allspaces .com bestantivirusdefence .com
bc-s350 .cn best-antivirus-defense .com
bengchitt .cn bestantivirusfastscan .com
bestbarack .com bestantivirusfastscanner .com
daoye .nm .cn bestantivirusproscan .com
dbrgf .ru bestantivirusproscanner .com
dicgdsp .org best-antivirus-pro-scanner .com
dzxecapiw .info best-antivirus-protection .com
epwqbyya .com best-antivirus-scanner .com
expowale .com bestbaracksite .com
fogzchqe .org bestobamadirect .com
gkenjj .biz best-scanner-pc .net
goeasybill .com cbchyttgqay .biz
gogo2me .net damnedspyware .com
gpt0 .ru fastantispywarescan .com
id-rt02 .cz frankiezfunz .com
iwtrubh .biz gameproadvance .com
ji88 .com goldensurvey .com
jobarack .com goodnewsdigital .com
jvikldgo .net goodnewsreview .com
kcgxgnny .net google-analytics .pbtgr .ru
keke03 .cn googlenations .cn
lijg .ru googl-status .com
lyhivgkd .org googol-analisys .com
mefenydz .com greatbarackguide .com
mfqal .net greatobamaguide .com
nprzq .biz greatobamaonline .com
ojzarbw .net hiromatokoko .biz
pbtgr .ru internet-antispyware-scan .com
ppkok .cn internetexamine .com
ppsuite .com internetprotectedpayments .com
qiweroqw .com linkworldnews .com
qqqqkkkss .cn liveantispywarescan .com
rheni .org live-antispyware-scan .com
rrrrpppkk .cn live-antiviruspc-scan .com
skyhu .com nohtingherez .cn
smakata .com pharmacy-earth .com
syqxvsid .com premium-advanced-scanner .com
teirkmm .net proantiviruscomputerscan .com
tejary .net proantivirusprotection .com
thecountx .net professional-virus-scan .com
topwale .com rapidantiviruspcscan .com
ttfabb .com rapidspywarescanner .com
ukdikl .org reportradio .com
uzapl .com securedonlinewebspace .com
vvk5 .cn securedserverdownload .com
vvk7 .cn securedupdateupdatesoftware .com
vyuiwltf .com secure-plus-payments .com
waledirekt .com softwaresecuredbilling .com
waleonline .com spacemynews .com
wew2223 .cn superobamadirect .com
winzxm .com superobamaonline .com
xskeqrcl .net thebaracksite .com
xxhdy .net tyoxnaqjrlu .org
xxztb .org uqruninkqca .net
yeofa .org waleprojekt .com
yeynxe .net wapcitynews .com
yjodeikka .org worldnewsdot .com
yprpg .biz worldnewseye .com
ytcqft .com worldtracknews .com
zzzz6655 .cn  

Contact us if you want to help us keep the Malware Domain Blacklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates.
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format.
spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…