Feed

Mass File Injection Attack Domains

Posted on May 12th, 2008 in iframes,New Domains,zlob by dglosser

Sans reports on several domains which contain a malicious JavaScript that pulls down a file associated with Zlob:

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

These, along with other domains, have been added to the malware blocklist:

02to cn 9191my com
1000dog cn 91dna com
123cha com 96my com
13996 net aardappel eigenstart nl
13ux com achongsoft com
17cha net ads520 com
203pk cn advertyz com
31fa com avihelper com
50blog cn fileave com
51ysc cn free hostpinoy info
531140 com kisswow com cn
55265 net mpeghelper com
57ez com rightonadz biz
www brasilon-line com  

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

Comments are closed.