Feed

Happy Valentines Day From the Storm Worm

Posted on February 11th, 2008 in Storm Worm by dglosser

Arbor Networks and SpamWiki, among others, reports Happy Valentine Day Storm Worm Spam with varying subjects:

  • Sending You My Love
  • A Toast My Love
  • Your Love Has Opened
  • Sending You My Love
  • When Iā€™m with You
  • Our Love is Free
  • When You Fall in Love
  • A Token of My Love
  • I Love Thee
  • Hugging My Pillow and more….

For now, the BadGuys are using IPs in their email. EmergingThreats has a bunch of Storm Sigs and IP blocklists to catch this stuff.

SpamWiki seems to always has the most up-to-date information on the Storm Worm and other Spam.

dns-bh domain blocklist update

Posted on February 5th, 2008 in New Domains by dglosser

New domains, mainly from emergingtheats sandbox:

3rb69 (dot) com 4irc (dot) com
aaathemes (dot) com alfree5 (dot) info
chnsystem (dot) com d0d0n0 (dot) info
daw00dbhai (dot) info explorethepearl (dot) com
flibbernet (dot) homelinux (dot) org winquickupdates (dot) com
gayyree (dot) info hacktalk (dot) net
hzs (dot) cn kronicx (dot) com
leechnet (dot) net malwarecore (dot) com
meoryprof (dot) info qoogler (dot) com
quara-best (dot) com ryan1918 (dot) com
s10 (dot) dynu (dot) net serv1 (dot) gayyree (dot) info
svcs (dot) ma (dot) cx swapixtreme (dot) com
swiifatecihno (dot) com thefreesite (dot) com
trojan8 (dot) com voodofiles (dot) com

Help fight spyware: Join the Spyware Listening Post!

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND Server format
domains.txt file is the complete list along with original reference

New Domains from EmergingThreats.net

Posted on January 31st, 2008 in New Domains by dglosser

EmergingThreats has provided us with the following domains:

1a123 (dot) com ads.netbios-local.com
advertisementhost (dot) com asp (dot) milan-fans (dot) com
blackroz (dot) com budppsh (dot) com
cadesfinjeriokas (dot) com cgmess (dot) com
controlmeh (dot) com creatonsoft (dot) com
ebalashka (dot) com farmasearch (dot) com
fixed (dot) milan-fans (dot) com friendx (dot) 4irc (dot) com
gfxgraphics (dot) net hightstats (dot) net
hospedaaqui (dot) com (dot) br host-domain-lookup (dot) com
irc (dot) captainpacket (dot) com iwasborn (dot) strangled (dot) net
key4 (dot) keysearch (dot) co (dot) kr kykbonsa (dot) com
littleworld (dot) pe (dot) kr official (dot) ipointyou (dot) hk
onlinesearch4meds (dot) com paguole (dot) com
parkhuset (dot) net payperdownload (dot) nl
pcdoc (dot) co (dot) kr pimp (dot) foilball (dot) info
selfsearchro (dot) com sypercasino (dot) com
updatemysettings (dot) com vigatans1705 (dot) net
wellbate (dot) com worldcasino (dot) to

Help fight spyware: Join the Spyware Listening Post!

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND Server format
domains.txt file is the complete list along with original reference