New domains to add to blocklist

Posted on July 13th, 2008 in fake codecs,New Domains,rogue antivirus,sql injection by dglosser

59 new domains to consider blocking. Some ASPROX SQL injection domains, some smitfraud domains, a few rogue antivirus domains, a fake codec domain, and others.

Sources include:
ddanchev.blogspot.com, infosec20.blogspot.com, s3cwatch.wordpress.com and www.emergingthreats.net and others.

Contact us if you want to help keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!

More ASPROX/SQL Injection Domains to Block ASAP

Posted on July 10th, 2008 in asprox,iframes,New Domains,sql injection by dglosser

49 new domains to block. Mostly ASPROX/SQL injection domains. Sources include:
ddanchev.blogspot.com, infosec20.blogspot.com, s3cwatch.wordpress.com

Domain Cleanup

Posted on July 8th, 2008 in Removed Domains by dglosser

Deleted 20 domains. Some were subduplicates where the base domain is already listed.

We have removed irc.hak5.org, irc.hak5irc.org, and irc.mintirc.net from the list as they are not currently hosting malicious bots.  Please update your filters to remove these false positives.

We have no desire to incorrectly list any domains–if you know of any domains which should be delisted, please read this post.

26 New Domains to add to Blocklist

Posted on July 8th, 2008 in asprox,iframes,New Domains,rogue antivirus,sql injection by dglosser

26 new domains to block. Asprox iframe domains, domains from the emerging threats sandbox, and others.

Help fight spyware: Join the Spyware Listening Post!

New Wave of SQL Injections

Posted on July 7th, 2008 in Domain News,sql injection by dglosser

s3cwatch, infosec20 and dynamoo report on a new wave of SQL injections ending with ngg.js. Domains include:

Block immediately.

New Asprox, zlob, Storm Worm Domains to block

Posted on July 6th, 2008 in iframes,New Domains,sql injection,Storm Worm,zlob by dglosser

New domains associated with asprox, zlob, and Storm Worm.
Many are being used in the latest SQL IFrame injection attacks:

Sources: infosec20.blogspot.com, blog.scansafe.com, sudosecure.net, and others. Check the latest updates file for the original reference.

Malwaredomains and Adblock Plus

Posted on July 4th, 2008 in Domain News by dglosser

The malware domain blocklist is now available in Adblock Plus format.

Please see http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus

www.securesuite.co.uk

Posted on July 3rd, 2008 in New Domains by dglosser

If anyone has information about www (dot) securesuite (dot) co (dot) uk, please forward it to us. It was listed as associated with phishing, but may be a legit site.

It will be temporarily delisted while information is collected. Please send any information our way. Thanks.

More Iframe domains to block immediately

Posted on July 1st, 2008 in iframes,New Domains,sql injection by dglosser

New Iframe Domains. Block immediately. Sources: shadowserver, scansafe blog, castlecops, and others.
