Feed

DNS Sinkhole 10/14 Update: 129 New Domains

Posted on October 15th, 2011 in exploit,malspam,malvertising,MoneyMule,New Domains by dglosser

Added 129 domains associated with RBN, moneymule, malspam and other malicious activity you don’t want on your personal computer or network. Sources: www.emergingthreats.net, blog.dynamoo.com, labs.m86security.com and others

(Every source is  listed in the domains.txt file)

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


iframe, moneymule, rbn domains

Posted on October 11th, 2011 in exploit,iframes,malspam,New Domains,rogue antivirus,zeus by dglosser

Added over 120 domains associated with RBN, moneymule,  blackhole exploit kit… Sources include wam.dasient.com, www.emergingthreats.net, www.spamhaus.org  (Every source is  listed in the domains.txt file)

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format. (The mirror for compressed zip files is up and running – please contact us for details.)

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


Artro, bestpack, morto, zbot domains

Posted on August 31st, 2011 in exploit,New Domains,Trojans,zeus,zlob by dglosser

Added 240 domains associated with zbot, morto. bestpack, etc. Sources include www.spamhaus.org, www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.asp, www.emergingthreats.net, malwareurl.com

(Every source is  listed in the domains.txt file)…

Reminder:  The zone and text files are ONLY be available from a mirror and are not available from  the main site!!

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

265 new domains

Posted on July 27th, 2011 in exploit,fake codecs,malspam,New Domains,rogue antivirus by dglosser

ramnit, palevo, rogue, fake codec domains were added. Sources include vxvault.siri-urz.net, www.threatexpert.com, garwarner.blogspot.com

(Every source is  listed in the domains.txt file).

Reminder: 
Starting on August 1st, the zone and text files will ONLY be available from a mirror and will no longer be available on the main site!!


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Starting August 1st, files are ONLY  available via the download mirrors. Main mirror is : http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


willysy .com Mass Injection

Posted on July 26th, 2011 in 0day,Domain News,exploit by dglosser

Armorize reports on a mass injection of, 90,000 infected pages. The injected iframe points to willysy .com.

We’ll be adding those domains on tonight’s update, but please read the article and take immediate action if you can.

180 New TDL3/TDSS Botnet, cycbot, exploit, rogue domains

Posted on July 18th, 2011 in exploit,New Domains,RBN,rogue antivirus,Trojans,zeus by dglosser

Added 180 domains associated with fake security/scareware, rbn, TDSS/TDL3, TDSS4 etc. Sources include securehomenetworks.blogspot.com, scrapbook.zscaler.com, blog.eset.com and others (Every source is  listed in the domains.txt file).

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…


exploit, gbot, rbn, worms… 195 New Domains to Block

Posted on July 16th, 2011 in exploit,RBN,Trojans by dglosser

195 New malicious Domains associated with exploits, rbn, gbot and other badness  to add to your shun or blacklist.  Sources include www.malwareblacklist.com, support.clean-mx.de, securehomenetworks.blogspot.com, riskanalytics.com, safebrowsing.google.com (Every source is  listed in the domains.txt file).

As mentioned in the previous post, one of these domains is cw . cm, which means there will be some overlap in our blocklist until we finish cleaning up the individual entries.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

168 New Domains Added

Posted on July 12th, 2011 in asprox,exploit,MoneyMule,New Domains,RBN,rogue antivirus by dglosser

168 new domains associated with BH Exploit, fake job offers,moneymule, rbn and more. Sources include doc.emergingthreats.net, amada.abuse.ch, ddanchev.blogspot.com, securehomenetworks.blogspot.com (Every source is  listed in the domains.txt file).


Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.

These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.

Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.

Please download files from main mirror: http://mirror1.malwaredomains.com/files/

BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

163 New Domains: Trojans, Rogue Antivirus, Zeus, PDF Exploits

Posted on June 25th, 2011 in exploit,New Domains,rogue antivirus,zeus by dglosser

163 new domains associated with fake security programs, trojans and exploits.  Sources include www.emergingthreats.net, vxvault.siri-urz.net, blog.fireeye.com and others (Every source is  listed in the domains.txt file).

We are thinking about not listing the sites individually here as users are reposting the lists to Web of Trust and other sites but not removing their comments once the site is delisted here.  Unfortunately, these other sites keep the negative reputation due to a listing here long after they’ve been removed on this site.  (Please let us know if you find the individual site listings on this blog page useful. )

June 21 Update

Posted on June 22nd, 2011 in exploit,MoneyMule,RBN,rogue antivirus,Trojans,zeus by dglosser

Added 328 domains (too many to list individually) associated with exploits, moneymule scams, rogue security, scams and other badness. Sources include www.tristatelogic.com, www.spamhaus.org, www.scamfraudalert.com and others.