Looking for volunteers and donations

Posted on May 27th, 2012 in Domain News by dglosser

Looking for volunteers to help us maintain the blocklist. Things like writing Perl programs (Cygwin compatible) to compare the blocklist to Google’s Safe Browsing database, etc. No compensation except authorship credit, as well as knowing that your work will help in the never-ending fight against malware.

If you consider this blocklist useful, please consider donating money or sponsoring the list.

Measuring the Lifecycles of Malicious Domains

Posted on May 23rd, 2012 in Domain News by dglosser

Interesting article found here… From the abstract:

“…we present preliminary results from on-going experiments we are conducting to track the lifetime of malicious domains. Studying the lifecycles of malicious domain names will provide insight into the many classes of criminal networks that depend on DNS, and inspire the development of new, more effective countermeasures.”

Some highlights:

  • the number of resurrected domains gravitates around 200 everyday revealing a number of domains that are intermittently inactive, which could potentially be an evasion mechanism or a correlating characteristic of instability
  • Contrary to our intuition …  many of the [malicious] domains are long-lived and more domains are being introduced than are dying.

We’ve noticed and tracked many of the “immortal” malware domains but haven’t done any research into “resurrected”, or intermittently inactive/active, domains. Hmmm

Again, we encourage research using our blocklists and have set up a mirror dedicated to open source projects and scholarly research. All we ask is that you let us know about such research.

Check your download scripts ASAP

Posted on April 29th, 2012 in Domain News,mirror by dglosser

Check your download scripts ASAP….

Too many users are STILL pointing to the main www site for the zone files, which have not been here for MONTHS…

PLEASE update your scripts to pull from one of the download mirrors. DO NOT point to the www (blog) site as there is nothing to download.

The Suspicious Domains List at SANS

Posted on April 18th, 2012 in Domain News by dglosser

After some maintenance downtime, the Suspicious Domains lists at https://isc.sans.edu/tools/suspicious_domains.html have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.

List revalidation: 1700+ domains removed

Posted on April 3rd, 2012 in Domain News,Removed Domains by dglosser

We just reevaluated 1824 domains… 1720 were removed, 79 were STILL actively blacklisted by Google after many months and were added to our “immortal” list.

List of removed domains is: http://mirror2.malwaredomains.com/files/removed-domains-20120402.txt

List of “immortal” malware domains: http://mirror2.malwaredomains.com/files/immortal_domains.txt

More IPs Banned

Posted on April 1st, 2012 in Domain News by dglosser

61 downloads and 85.6 MB downloaded in less than one day from a single IP address?? Just banned over 25 IPs for bandwidth abuse.

 

List Recertification: Over 1300 Domains Removed

Posted on February 25th, 2012 in Domain News,Removed Domains by dglosser

Over 1300 domains have been delisted. Please update your blocklists.

Reminders:

  • The main site does not contain any zone files. Please download files from one of our download mirrors.
  • Pull ONLY the file you need – there is no need to pull every zone file! Abusers will be banned!
  • Anyone pulling files more often than every 12 hours will be banned!
  • We also have a mirror dedicated to research and Open Source Projects – contact us for details.
  • Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
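
One way a download script could follow the reminders above, as an added example that is not part of the original post or the project's own tooling: it checks at most once per 12 hours, compares the mirror's “timestamp” file with the last value seen, and only then fetches a single zone file with `wget -N`. The mirror URL, zone file name, state directory and the layout of the timestamp file (a short text value at the mirror root) are assumptions to replace with your mirror's real values.

```shell
#!/bin/sh
# Polite blocklist updater (added example). All values below are assumptions:
MIRROR_URL="${MIRROR_URL:-http://mirror.example.invalid/files}"  # placeholder mirror
ZONE_FILE="${ZONE_FILE:-ZONE_FILE_PLACEHOLDER}"                  # the ONE file you need
STATE_DIR="${STATE_DIR:-./blocklist-state}"                      # local bookkeeping
MIN_INTERVAL=43200                                               # 12 hours in seconds

# should_check NOW LAST_CHECK: succeeds only if at least 12 hours have passed.
should_check() {
    [ $(( $1 - $2 )) -ge "$MIN_INTERVAL" ]
}

# list_changed REMOTE_STAMP LOCAL_STAMP: succeeds only if the mirror reports a
# non-empty stamp that differs from the one recorded at the last download.
list_changed() {
    [ -n "$1" ] && [ "$1" != "$2" ]
}

update_blocklist() {
    mkdir -p "$STATE_DIR" || return 1
    now=$(date +%s)
    last=$(cat "$STATE_DIR/last_check" 2>/dev/null || echo 0)
    should_check "$now" "$last" || { echo "skip: checked less than 12h ago"; return 0; }
    # Record the attempt first so that failures are rate-limited as well.
    echo "$now" > "$STATE_DIR/last_check"
    # Fetch only the small timestamp file (assumed name and location).
    remote=$(wget -q -O - "$MIRROR_URL/timestamp") || { echo "mirror unreachable" >&2; return 1; }
    local_stamp=$(cat "$STATE_DIR/timestamp" 2>/dev/null || true)
    list_changed "$remote" "$local_stamp" || { echo "skip: list unchanged"; return 0; }
    # -N makes wget skip the transfer unless the remote copy is newer than ours.
    ( cd "$STATE_DIR" && wget -q -N "$MIRROR_URL/$ZONE_FILE" ) || return 1
    echo "$remote" > "$STATE_DIR/timestamp"
    echo "updated: $ZONE_FILE"
}

# Invoke as "./update.sh run" (for example from a twice-daily cron job).
if [ "${1:-}" = "run" ]; then
    update_blocklist
fi
```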

Mirror is Back Online (also new mirror)

Posted on February 15th, 2012 in Domain News by dglosser

mirror2.malwaredomains.com is back up – direct access to the zone files is working but things like displaying directory indices is a work-in-progress.

We are also testing another mirror – compressed full zone files only – located at http://www.malware-domains.com/ (note the dash)

Please give it a try and let us know…

 

 

mirror2.malwaredomains.com temporarily down

Posted on February 14th, 2012 in Domain News by dglosser

mirror2.malwaredomains.com is temporarily down; we will update you once it is back up. In the meantime, please use one of the other mirrors or contact us for details regarding the mirror handling only compressed files.

Domain Delistings: 1617 Domains Removed

Posted on January 30th, 2012 in Domain News by dglosser

1617 Domains have been removed; 33 domains have been added to the “immortal” domain lists. Please update your blocklists (ONCE per 12 hours, no reason to do it every hour like some people who will be blocked for continuous abuse).