Feed

BH-DNS Update: 200+ Domains Added

Posted on February 8th, 2012 in New Domains,rogue antivirus,Trojans by dglosser

Added over 200 domains associated with Palevo, Fake AV,BPhoster, htaccess redirects, etc. Sources include zeustracker, xylibox, abuse.ch (every source is  listed in the domains.txt file)

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

* Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
* These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!
* Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
* Domains.txt file is the complete list along with original reference. Justdomains contains list of only the domain names. BOOT file is in MS DNS format. Malwaredomains.zones file is in BIND format.  Also Available in AdBlock, ISA, and MaraDNS formats. A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

bhexploit, htaccess redirects, Incognito, PDF exploits…

Posted on February 6th, 2012 in exploit,New Domains,rogue antivirus,Trojans by dglosser

Added 119 domains listed on xylibox.blogspot.com, malekal.com, exposure.iseclab.org and others (every source is  listed in the domains.txt file). Please update your DNS blocklist/malware sinkhole  and follow  our Terms of Use.

wget -N

Posted on February 5th, 2012 in New Domains by dglosser

We’ve received feedback that the  “wget -N” option works well and will only fetch a new file  if the remote file is more recent. Please utilize this option and remember to

a) only pull the one file you need (such as justdomains or malwaredomains.zones)

b) check to see if the file has been updated (by either using the wget -n command above or first checking the timestamp file.

c) only check every 12 hours (24 hrs is even better)

Violators are being banned daily.

Incognito, malspam, purplehaze domains

Posted on February 3rd, 2012 in exploit,malspam,Trojans,zeus by dglosser

Added 138 malicious domains associated with purple haze, Incognito, malspam, zeus, msupdater, etc. Sources include exposure.iseclab.org, zeustracker.abuse.ch, blog.dynamoo.com (every source is  listed in the domains.txt file)

Reminder: the mirror for compressed zip files is up and running – please contact us for details – right now it has very little usage.

Please help to keep this site free and donate whatever you can:  All donations go to hosting and infrastructure costs.
These malware block lists provided here are for free for noncommercial use as part of the fight against malware.   Any use of this list commercially is strictly prohibited without prior approval.
Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!
Yearly sponsorships are available. Full acknowledgment, an icon, and link back to your site will be placed in the left sidebar.
Domains.txt file is the complete list along with original reference.
Justdomains contains list of only the domain names.
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
A trusted source on the WOT-the Web of Trust . Used by SURBL, MOREnet, SANs, and others…

fastflux, malicious javascript, and spyeye… oh my

Posted on February 1st, 2012 in malspam,malvertising,New Domains,rogue antivirus,Spyeye by dglosser

Added 129 domains associated with malicious javascript, spyeye, pdf exploits, etc. Sources: www3.malekal.com/pdf.txt, exposure.iseclab.org, sucuri.net and other s(every source is  listed in the domains.txt file). Please update your blocklists/sinkhole  and follow  our Terms of Use.