We recently revalidated about 800 long-lived, “immortal” malware domains.
These are domains which were identified as malicious anywhere between 90 and 360 days ago. but according to google safebrowsing, are still actively involved in badness.
Some of these domains have been on the DNS-BH List for YEARS.
Of these 800 domains, 55 were removed. That means that 745, or over 93%, are still actively associated with malware.
List of removed (non immortal?) domains: removed-domains-20120104.txt
List of “the immortals: immortal_domains.txt
A “psychohistory” of these long-lived malicious domains would be interesting and we’d be happy to help with any of those research efforts.