Mass File Injection Attack Domains
Sans reports on several domains which contain a malicious JavaScript that pulls down a file associated with Zlob:
hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js
These, along with other domains, have been added to the malware blocklist:
02to cn 9191my com 1000dog cn 91dna com 123cha com 96my com 13996 net aardappel eigenstart nl 13ux com achongsoft com 17cha net ads520 com 203pk cn advertyz com 31fa com avihelper com 50blog cn fileave com 51ysc cn free hostpinoy info 531140 com kisswow com cn 55265 net mpeghelper com 57ez com rightonadz biz www brasilon-line com
Help fight spyware: Join the Spyware Listening Post!
domains.txt file is the complete list along with original reference
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format