Feed

New Domains You Really Need to Block

Posted on May 23rd, 2008 in iframes,New Domains by dglosser

35 new domains you really need to block. Sources: emerging threats sandbox, new iframe injection domains from shadowserver, Bharath’s Security Blog.

001yl .com   jsjwh .com .cn  
111991 .net   just .fukin .go .a-w-a-y .org  
13175 .com   ka47 .us  
17173dl .cn   kvm-secure .com  
176fc957c .net   kvmsecure .com  
17ge .cn   msshamof .com  
427224 .com   okey123 .cn  
52-o .cn   pest-patrol .com  
99 .vc   qiuxuegm .com  
adw95 .com   sexpictures .co .uk  
aidushu .net   spywareiso2008 .com  
kaobt .cn   urkb .net  
bddr-cash .com   vipantisetup .net  
chliyi .com   virus-isolator .com  
dota11 .cn   virus-isolator .net  
fucksb .net   www60 .actualization .cn  
heartgames .cn   antivirus-scanner .com  
killpp .cn    
 

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

What to do if your domain is listed….

Posted on May 23rd, 2008 in New Domains by dglosser

Q. My domain is listed unfairly. How do I get my domain removed?
A. Remember that we are a reporting service. All of the data comes from external sources. None of the domains or sites listed on the DNS-BH lists come from data created here. So generally speaking to get off a list you should contact that data source as described in the domains.txt file.

Check other major antivirus and malware vendors to see if you are also listed there as well as the domains.txt file may not be the only location which lists your domain as malware or malicious.

Provide documented, third-party proof that these vendors have “delisted” your domain. Contact us after you’ve provided this information.

Threatening legal action or starting legal proceedings will result in a much longer delay in getting your site removed. The DNS-BH project is a volunteer non-for-profit project and blacklist operators are protected under U.S. Federal statute and case law 47 USC 230(c)(2)(B).

We have no wish to list a site unfairly. Although every effort is made to ensure the list is error free, mistakes can and will occur. We do not want to list anything that should not be listed. This list is not intended to block ad serving, or any other legitimate activity. It’s intent is to help network operators and others to identify and stop malware infections.

This list comes with no guarantees. We all have other full-time jobs. This is a completely volunteer effort as part of the fight against malware.

The average time between asking for a site to be delisted and the site actually being delisted (if warranted) is less than 24 hours.

Again, threatening legal action or starting legal proceedings will result in a much longer delay in getting your site removed.

If a domain is removed, it is still listed in the “domains.txt” file with a comment (#) in the first column but is not active.

Just to clarify – this has always been our policy, back when we were hosted on the bleedingsnort web site.

Another SQL Injection Domain: chliyi. com

Posted on May 23rd, 2008 in iframes,New Domains by dglosser

Shadowserver has updated his list to include www. chliyi. com and possibly others. Check his listing ASAP.

Will be added here on the next update.

IFRAMES are evil.