IE 0day exploit domains added

Posted on July 7th, 2009 in 0day,exploit,New Domains by dglosser

Added more IE 0-day exploit domains from isc.sans.org:


Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
New: Justdomains contains list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates.
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on WOT, the Web of Trust!

Used by SURBL, MOREnet, and others…

Full List of IE 0day exploit domains

Posted on July 6th, 2009 in Domain News,Donate by dglosser

The Internet Storm Center has a running list of IE 0day exploit domains.

Many of these domains are already listed; those which are not will be added on the next update. Check the SANS list often and update your own blacklist often.

PS – because of the mention of this site, traffic has increased dramatically. Please consider donating to help with hosting and infrastructure costs.

New 0-day in Microsoft DirectShow

Posted on July 6th, 2009 in Domain News by dglosser

http://isc.sans.org/diary.html?storyid=6733

A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited through drive-by attacks using thousands of newly compromised web sites, according to CSIS. The code has been published in the public domain via a number of Chinese web sites.

http://translate.google.com/translate?prev=hp&hl=en&js=n&u=http%3A%2F%2Fwww.csis.dk%2Fdk%2Fnyheder%2Fnyheder.asp%3FtekstID%3D799&sl=da&tl=en&history_state0=

Domains currently involved are: hxxp://milllk .com and hxxp://8oy4t .8866 .org, but you can be sure there will be more.

Both of these domains are currently listed in our blocklist (one added over the weekend), so refresh your blocklist ASAP!

Happy 4th of July from waledac

Posted on July 4th, 2009 in New Domains,spam,Waledac by dglosser

Many waledac independence day domains, some zeus domains, and other badness. Sources include www.malwareurl.com, zeustracker.abuse.ch, www.siteadvisor.com:


More Fake Codec, Zeus Trojan Domains

Posted on July 2nd, 2009 in fake codecs,New Domains,Trojans by dglosser

Over 230 bad domains. Sources include www.malwaredomainlist.com, www.malwareurl.com, zeustracker.abuse.ch:
