Feed

DNS Sinkhole Setup

Posted on June 19th, 2010 in Domain News by dglosser

The Internet Storm Center has released a DNS Sinkhole ISO.  It utilizes three different blocklists including ours.   Article here.


Reminder:

This malware block lists here are provided for free for noncommercial use as part of the fight against malware.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates or one of the mirrors

The full files are located at: http://www.malwaredomains.com/files or one of the mirrors
Primary Mirror: http://mirror1.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, and others…

dns-bh update: 145 new domains

Posted on June 18th, 2010 in New Domains by dglosser

Sources include: secuboxlabs.fr, www.malwaredomainlist.com, support.clean-mx.de, ddanchev.blogspot.com:

amerp .in qghtdopqoxk .com
aschw .in searchtanup .org
conrp .in webgoengine .com
fenhw .in 7gafd33ja90a .com
gighw .in aebankonline .com
hapug .in best-online1 .com
tupin .in bigboatmedia .com
amadox .nl clkh71yhks66 .com
arnold .kz direktlinks .info
hgptd .com domain460003 .com
korvet .in eurostargroup .ws
admin-x .de la2planet .1gb .ru
arthurp .fr mediarymedia .com
emapis .org searchdubles .org
jdfgut .com searchprasup .org
mylexa .com abtdiagnostic .com
cbphase .com anathema .yurx .com
eagen85 .net chipsoftindia .com
edsogos .com ku .perfectexe .com
edstoox .com mediaracinggo .com
newsapis .us scanner-album .com
algis-khv .ru searchmartiup .org
bedayton .com searchprodinc .org
braiener .com smartcontrol .info
edsctrum .com superhomelawn .com
edsfiles .com superwebmedia .com
styletown .ru websitecoolgo .com
tributem .com best-real-tube .com
wrtybvim .com gite-eguisheim .com
dsfspaoi .info mediasupermart .com
e-depot .co .jp memory-scanner .com
edscorpor .com top-teen-porn .info
edsfilles .com webgosolutions .com
edsletter .com barcalys-trial3 .com
edslgored .com bigsecurityscan .com
edsnewter .com diggingforroots .com
edsspectr .com internetgotours .com
f-myspace .net networksportsgo .com
finderwid .org scanner-profile .com
gerointyt .net superfilestools .com
netgozero .com westmediasystem .com
onefindup .org digitallightdata .com
r-myspace .net findsecurityscan .com
spmfb2299 .com google-server09 .info
spmfb3309 .com google-server10 .info
webcoolgo .com google-server11 .info
wifahquaht .ru google-server12 .info
z-myspace .net google-server14 .info
z0g7ya1i0 .com google-server29 .info
ads-search .com google-server31 .info
alcamarsaci .cl mediaonesoftware .com
arthur-demo .fr scanner-hardware .com
barriolamc .com scanner-supplies .com
chileenduro .cl smartenergymodel .com
domusconsul .hu stats .arthur-com .net
ever52592g .com blacksecurityscan .com
fb-viewing .net bossmediaservices .com
googleapis .biz flash-exe-video .co .tv
hyporesist .com developpeur-drupal .com
toolbarinc .com macacodoido .pagebr .com
vostokgear .org scanner-definition .com
webmagicgo .com cerclewalloncouillet .be
websiteget .com online-photo-albums .org
acdftbbaoxk .com themultimediastream .com
err3uperr .co .cc clearpathhealingarts .com
gigoweb .mine .nu jhuiuhxfgxhlfkjhjth .info
ldeqkkmloxk .com jhuiuhxfgxhtfkjhjth .info
mediaboomgo .com jhuluhxfgxhlfkjhjth .info
mediagotech .com creation-site .arthur-com .net
mghtdapmoxk .com eethahchaehiexahgeemaugh .com
ns28780 .ovh .net downloads .picterezmap-008 .com
obsidallynd .com institut-developpement-durable .com
porto .napoli .it

note: update was this morning, for some reason post did not get published…

Delisting: eurorot.com

Posted on June 16th, 2010 in Removed Domains by dglosser

eurorot.com has been delisted and will be removed on the next update.

fastflux, zeus, trojan domains added

Posted on June 15th, 2010 in New Domains by dglosser

sources include secuboxlabs.fr, atlas.arbor.net, www.malwaredomainlist.com, zeustracker.abuse.ch:

221212121 .ru
3vu76g4ef .co .cc
arsdh .in
besttap .ru
bun2 .info
campinglavall .net
caseva .es
cdsgnk .com
clearstudiomedia .com
cooperaccio .org
coremedianews .com
crexes .ru
cutchair .ru
dbcorps .com
dewaned .eu
dhhound .com
evqwt .ru
gocloth .ru
herkalek .net
hi5views .com
hostshack .net
hugefrogs .ru
iesahnaepi .ru
inhaber-moack .com
ivanyi .homeip .net
jcfkprwasnaj .com
johgheejae .ru
keridiangelis .com
klajj .ru
lekbin .com
llessui .com
loteriahadamadrina .com
msdll .ru
municipalidadlagoranco .cl
pausestorm .com
polotomo .com
rekoplis .com
reservedomainforzs2 .com
scanner-master .com
scanner-programming .com
security-adress .com
serraniasuroeste .org
sh000 .com
shortemail .ru
smokyegg .ru
spyeye100 .org
statsianighteworkes .com
trust-update .com
update4ever .ru
updateservice-server .net
video4gamle .org
vopret .ru
vrituyes .in
vv05 .info
whole-family-incest .com
woodruby .net
xdebuuwxoxk .com
yeeshiedot .ru
zebrabel1 .co .cc
ziosuovareipheighaisheek .com

Site Delisting: filefront.com

Posted on June 15th, 2010 in Removed Domains by dglosser

The filefront.com listing is a false positive and will be removed on tonight’s update.

zeus, 8080, rogue domains

Posted on June 14th, 2010 in exploit,New Domains,zeus by dglosser

Sources include: malwaredomainlist.com, malc0de.com, support.clean-mx.de, zeustracker.abuse.ch:

2677 .in adspace .img .fux .com
3x55conto .nu adultxxxblog19 .in
arsenalik .ru antony .freewebhostx .com
arxa .110mb .com apocalypticdose .com
baxm .ru automaticsecurityscan .com
bigpayinfos .com beautifulsecurityscan .com
biklmner .com bestindiansexvideos .com
bioparking .info bestviewbars .com
boxnusst1e .com cellphones .mooo .com
buy-is2010 .com chance46pace .blog .com
cbsnet .co .za chance46pace .diaryland .com
ddll .in computermumbai .com
defendvirus .com cybertranceru .ru
domains .txt dailynetblog .com
dragofss .com downloadfreenow .in
dynvolume .com dsfkdj383dmdjk .com
erbition .com dykkerklubben .net
ewzine .com flashplyaer .info
eyx8 .com freeweightloss .lovefoodbefit .com
file .mm .co .kr freshcontentengine .multiply .com
files-online .ru freshcontentengine .vox .com
finderdea .org gaxeexchange .com
hi5-imgs .net hartenbodo .fileave .com
hiphopniger .com ilterrazzoallaveneziana .it
icia .t35 .com img-myspaces .com
joprestons .net inexpensive-furniture .com
kaael .in itmakemehappy .com
kaaleeks .net library .cshl .edu
klonding .com ligatu .fileave .com
kucharze .info lillebaeltejendomme .dk
ldah .net macromediatest .com
lifeps .net mediaaidsite .com
limenspot .com mediagroupquiz .com
mjbims7m .ru metalinkltd .com
mutinied .info mixtim23 .dominiotemporario .com
my-spacess .com moscowismine .in
myspaaces .net myblogfriend .com
naq-herdam .com mymoviestyle .com
networkget .com mypersonalroomservice .ws
newsbosnia .org oblspecstroi .ru
nt12 .co .in origin-ics .hotbar .com
okrison .com parfaitpournous .com
opazbz .com porno-video-hunt .co .cc
otloade12 .info porntube-fast .com
parasolka .in porntube-todayx .com
phaizeipeu .ru protectyourpc-11 .com
promojoy .net public .blu .livefilestore .com
qikafojuc .cn realstatecuador .com
reger0582 .com rscenter .website .pl
reklamen7 .ru sapolandialanche .hpg .com .br
rrri .uicp .cn scanner-interface .com
sexadults .ru scanner-tips .com
sexhotmamba .ru slutload .org .uk
sexmambass .ru soldierantivirus .com
sexmambu .ru sony-universo3d .com
sexplaycom .ru sporthal .msolutions .be
shup .com sportxxx-ltd .com
sportvision .cl technology-scanner .com
sputv .ru telecharger-poker-star .fr
syszone .co .kr theautocompanyy .info
tizimoyiy .cn thelbaldoart .hpg .com .br
trepluyt .com tunisia-security .com
ttyur .com ultra-light4u .net
tutani .co .cc update2date .com
utrvc .com vegascity24 .com
veropoema .net watchindiansexvideos .com
vkoim .ru webonline .is-a-geek .net
wfrtube .net workslikethat .com
whyustrust .com xunttsyiinb .com
xchurch .org .uk xxxbeastmovs .in
yeshouse .net ytoimneyqawernmkla .deswelt .net
zanga .haos .ro zeppbrannigan .com
zzgame .co .kr

This malware block lists here are provided for free for noncommercial use as part of the fight against malware.

Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.

Also, yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.

Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
Updates are located at http://www.malwaredomains.com/updates or one of the mirrors

The full files are located at: http://www.malwaredomains.com/files or one of the mirrors
Primary Mirror: http://mirror1.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.

Also Available in AdBlock, ISA, and MaraDNS formats.

A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, and others…

New mirror: mirror1.malwaredomains.com

Posted on June 13th, 2010 in Domain News by dglosser

We’ve set up a new mirror (text only)

http://mirror1.malwaredomains.com

The main domain files are located in: http://mirror1.malwaredomains.com/files

Please test this site and let us know if there are any issues. Thanks!

many scareware, exploit, and rogue domains added

Posted on June 12th, 2010 in New Domains,rogue antivirus,zeus by dglosser

Sources: ddanchev.blogspot.com, jsunpack.jeek.org,and others:

1classfilter .be actionsdefence .com
1ip5p8h .co .cc amquijycpntb .co .cc
1us51n .co .cc antispyware-guard .comrogue
24shopping .nl aqejhilmvb .co .cc
770304123 .cn babah20122012 .com
9mama .pl bead .shop-in-hk .com
aaoutdoors .com bestdesision .co .cc
acdaovvaoxk .com bestgreatarts .com
action-force .net bestsavezz1 .co .cc
aifmydpuhv .co .cc bestsavezz2 .co .cc
anytimeopen .com bestsavezz3 .co .cc
apwireless .ca bestsavezz4 .co .cc
arnepqjya .co .cc bestsavezz5 .co .cc
atomizer .net bestsavezz6 .co .cc
avmarket .com .ua bestsavezz7 .co .cc
baby-car .ru bestsavezz8 .co .cc
babystart .eu bestsavezz9 .co .cc
badlhby .com bestseller4you .at
bazarnet .com .mx biberhapiturkiye .org
bekqjcra .co .cc bilgininefendisi .net
benyd .co .cc bipilyqomyusvuhy .co .cc
bicigrino .info bjalumericz .co .cc
bridezion .de butikk .losnaspelet .no
buenapetito .net candjconsulting .us
calicompras .com casacristorey .com .mx
ccanlitv .com cheekybrats .com .au
chammaope .co .cc cloudisthebestnow .com
chiri-junior .nl coebfjqmkhsn .co .cc
clubshirts .info companions411 .biz
comp-s .co .cc corporate-pc .com
deesis .com .pl digitalelectronicsolutions .biz
derise .ee eatmyshortsforever .info
dj1stop .com eshop .mr-servis .cz
dnfwg .bz eventhorizon .biz
e-life .com .mxl eynuqacjrtiz .co .cc
easfindnex .org firsaturunlerim .com
egeoptik .com freestyle-shop .ch
eglash .com gameartisans .org
evage .biz geraeuschwelten .de
feit23 .com getmoney4me .co .cc
findermar .org goumucnypuxuhyikzi .co .cc
findrasup .org hiokirygohxinugohu .co .cc
fliq .de huafeichzh1002 .com
games520 .cn ifohviwihuuxitqoil .co .cc
gawex .com .pl ifyfgybyuxisoffu .co .cc
gct .ro ihquyrvutyridyuwyj .co .cc
gentian .no ijojinhuxifykygysu .co .cc
gomytds .com imdjrsfybnav .co .cc
guihua .com .hk incom-sale .co .cc
hdegalchoxk .com indextechnology .info
hryjhuklo .co .cc inoltoumydonulijuk .co .cc
hydromasaze .com inselfdefence .com
ibdumycp .co .cc iranagrishop .com
ideazzz .ru iroqimcuohubizgooh .co .cc
ignitionlb .info irstnationarts .com
imalaya .eu jasoncorrick .co .uk
indextech .info kiboinikixuvquliro .co .cc
indovic .net krghiqyiht .co .cc
infoshok .info kundalinibooks .com .au
irpen .biz kyogpylymypusulojo .co .cc
issanni .net lojavirtual .versameta .pt
iwanti .co .cc machineinterface .net
iyqvogx .co .cc marinestores .biz
jepabhto .co .cc microdermals .com
kadin21 .com mikhailriubertsov .com
kiaxmh4 .co .cc movieartsworld .com
klimuszko .net msproductions .be
krasevka .si murgiaintavola .it
krclear .com nethealthcarego .com
kuub .com nettohoffnung .de
lanpower .se omsuimuhysjoujiqip .co .cc
leathershop .be opimuzxiyrxigoiwur .co .cc
ltcsi0 .co .cc ostozuorypofitjuti .co .cc
ludf .net pahomefinance .net
mingfai .info promotechmexico .com .mx
minitar .com .tw prozoomhosting .net
mvchorus .org ptvibnrjeayh .co .cc
nitmail .com pucrsnihoqy .co .cc
olek .co .uk qbhomskuine .co .cc
opco .co .ir qyczejdlita .co .cc
opliyng .com realcleaner23p .co .cc
paketic .com recoverinstyle .net
parisa .lt relogio-de-ponto .com .pt
pcmall .ro rithubmolnda .co .cc
pentruacasa .com riyvroiqfoydcilifo .co .cc
pqusrzycd .co .cc rnoqzydjuia .co .cc
pubaxj .co .cc ryliydulivuvdojo .co .cc
pursuitspt1 .com rywutydymoxyodygyt .co .cc
qcumoyh .co .cc sdemfjotuc .co .cc
quadroufo .com search-portal .co .cc
quecumbar .co .uk sensicacciaepesca .com
rcchina .com .cn sink-o-mania .com
rhodiola .com .mx siycugufryyrkoylky .co .cc
ridcamybv .co .cc sklep .autorud .pl
rotas .lt sklep .mago .com .pl
rpdkjuaft .co .cc sklep1 .vinylove .pl
rybidlzck .co .cc skleplotniczy .pl
sammlereck .info smallspacearts .com
shopzone .ir smartbestav10 .co .cc
skintwo .biz soposhinvitations .com
sklep .af .com .pl sounluolvuoxyqixky .co .cc
sklep .kafti .com spacevisionarts .com
skriptorium .at sportfishingarts .com
smscom .nl sprqucoatz .co .cc
snews .com .tw sslillisilsltlis .com
spine .com .br szemuvegkeret .com
standrite .com teldatawarehouse .com
stvpar .info teoflowerbulbs .ro
tiouw .nl ucywmuziboytylwi .co .cc
triominos .ru unotufukujygugusto .co .cc
ullihome .de uptowntrellis .co .nz
uralweb .ru upykhogupiybuwojyz .co .cc
viasapia .com .br usbokuycryocyjykqi .co .cc
vita-bhv .nl vobyumfoodzygubuyv .co .cc
webgetwise .com widlak-market .com
webmas .ca wireandthewood .com
wesellmac .com xodovumuycguhyujip .co .cc
wscll2 .net yfwiiwoqwipihovo .co .cc
wz978 .net ygitysbocysokuujok .co .cc
xfour .es ynywyvtioxiloghoin .co .cc
yeti .com .pl yourbestchose .co .cc
ykraivec .co .cc yzirukwoilokocpohi .co .cc
zeferesds .com

NortonDNS

Posted on June 11th, 2010 in Domain News by dglosser

Norton DNS provides alternative DNS servers that can be used by any Internet-connected device. Their DNS servers will also block malware and phishing websites.

It’s currently a free beta available on 198.153.192.1 and 198.153.194.1. Visit http://www.nortondns.com/ for more information.

For home users, the following may be a nice setup:

Or, for the more technical, running James McQuaid’s “DNS Super Black Hole” would provide even better protection.


For those running their own dns servers, running the dns-bh list internally while pointing to Norton’s DNS may be worth considering.


Right now their service is free, we are not sure if this service will remain free or will need to be purchased after the beta is over.

site delisting: ww-dot-robint-dot-us

Posted on June 9th, 2010 in 0day,exploit,iframes,New Domains,Removed Domains by dglosser

ww(dot)robint(dot)us will be delisted: see http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100609 for details