DNS-BH – Malware Domain Blocklist

49 new domains to block. Mostly ASPROX/SQL injection domains. Sources include:
ddanchev.blogspot.com, infosec20.blogspot.com, s3cwatch.wordpress.com

drvadw .com	18x-adult2008 .com
6161h1 .cn	gbradp .com
6161h2 .cn	gbradw .com
6161q1 .cn	hdrcom .com
6161q2 .cn	hq-codec .net
adwnetw .com	jsappdad .com
appdad .com	loopadd .com
asslad .com	mainadt .com
attadd .com	morenewsonline .com
ausadd .com	movaddw .com
ausbnr .com	mpegsystem .com
aviutility .com	newsworldnow .com
zkd520 .cn	nopcls .com
o7o8gm .cn	best-codec .com
bkpadd .mobi	popular-adult .com
bnsdrv .com	portadrd .com
butdrv .com	porttw .mobi
cdrpoex .com	pyttco .com
cliprts .com	statenewsworld .com
crtbond .com	tctcow .com
dailydotnews .com	tertad .mobi
destad .mobi	usaadw .com
destbnp .com	bestsoft-ware08 .com
usabnr .com	2008x-adult-2008 .com

Contact us if you want to help keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

Deleted 20 domains. Some were subduplicates where the base domain is already listed.

We have removed irc.hak5.org, irc.hak5irc.org, and irc.mintirc.net from the list as they are not currently hosting malicious bots.  Please update your filters to remove these false positives.

We have no desire to incorrectly list any domains–if you know of any domains which should be delisted, please read this post.

26 new domains to block. Asprox iframe domains, domains from the emerging threats sandbox, and others.

hiwowpp .cn	bpcrfectchoice1 .com
aladbnr .com	bpdrfectchoice1 .com
allocbn .mobi	bpfrfectchoice1 .com
my745 .cn	aeakemegood24 .com
qarchive .org	antivirus2009-scanner .com
apidad .com	antivirusxp2008 .com
gatepj .com	asdjiweur87wsdcnb .info
gateuq .com	asjidweur87wsdcnb .info
asodbr .com	downloadbigclips .com
blcadw .com	ebddracash .net
blockkd .com	google-analistic .com
bnradd .mobi	google-stat .net
bnrbase .com	googlecounter .net
bnrbasead .com	infectionscanner .com
bnrbtch .com	lisyonok .org
browsad .com	loctenv .com
brsadd .com	topvirusscan .com
c-naver2 .com	winspywareprotectdl .com
catdbw .mobi	xponlinescanner9 .com
ccach-ddt .net	dbgbron .com
ccadh-ddt .net	dddrccash .net
clrbbd .com	dddrecash .net
dddrfcash .net

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

s3cwatch, infosec20 and dynamoo report on a new wave of SQL injections ending with ngg.js. Domains include:

adbtch .com
adwadb .mobi
aladbnr .com
allocbn .mobi
apidad .com
asodbr .com
asslad .com
blcadw .com
blockkd .com
bnradd .mobi
bnrbase .com
bnrbasead .com
bnrbtch .com
browsad .com
brsadd .com
canclvr .com
catdbw .mobi
clrbbd .com
dbgbron .com
jsadwadb .mobi
jsallocbn .mobi
jsappdad .com
jsbnradd .mobi
jsbnrbtch .com
jscanclvr .com
jscatdbw .mobi
jscont67 .com
jsdbgbron .com
jsktrcom .com
jslokriet .com
jsmainbvd .com
jsportwbr .com
jsstiwdd .com
jstestwvr .com
jsucomddv .com
jsupcomd .com
ktrcom .com
loctenv .com
lokriet .com
mainadt .com
mainbvd .com
portadrd .com
portwbr .com
stiwdd .com
ucomddv .com
upcomd .com

Block immediately.

New domains associated with asprox, zlob, and Storm Worm.
Many are being used in the latest SQL IFrame injection attacks:

1ive .net	musiconelove .com
asp63 .com	nationwide2u .cn
bestlovelyric .com	makeloveforever .com
canclvr .com	shelovehimtoo .com
cnzuma .cn	spywareonlinescanner .com
cont67 .com	lovekingonline .com
form43 .com	superlovelyric .com
foursn .cn	testwvr .com
gonelovelife .com	theplaylove .com
greatadore .com	ucomddv .com
knowholove .com	makingadore .com
ktrcom .com	makingloveworld .com
likethisone1 .com	user1 .zhong262 .cn
lokriet .com	wantcherish .com
stiwdd .com	whoisknowlove .com
upcomd .com	wholovedirect .com
portwbr .com	wholoveguide .com
loveoursite .com	loveisknowlege .com
mainbvd .com	lovemarkonline .com
urs .axa-axa .cn

Sources: infosec20.blogspot.com, blog.scansafe.com, sudosecure.net, and others. Check the latest updates file for the original reference.

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

The malware domain blocklist is now available in Adblock Plus format.

Please see http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus

If anyone has information about www (dot) securesuite (dot) co (dot) uk, please forward it to us. It was listed as associated with phishing, but may be a legit site.

It will be temporarily delisted while information is collected. Please send any information our way. Thanks.

New Iframe Domains. Block immediately. Sources: shadowserver, scansafe blog, castlecops,  and others.

actualization .cn	latinlovesite .com
asp27 .com	lollypopycandy .com
atinlovesite .com	maigol .cn
bnmfg .com .cn	makinglovedirect .com
pid72 .com	new-contentx-2008 .com
cntrl62 .com	c9zuniilbbk4lild8-72bpnla-qz2rjllrczql8l2y .net
config73 .com	dvb .bnmfg .com .cn
csl24 .com	sexhornyparty .com
debug73 .com	soft2008-freeware .com
default37 .com	spyware-quick-scan .com
ssl39 .com	youronlinelove .com
fayhvkfnvu .com	theloveparade .com
get49 .net	virus-scanonline .com
pid76 .net	web923 .com
yourloveletter .com

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format