Feed

DNS-BH Update: 62 new domains

Posted on September 30th, 2008 in asprox,iframes,New Domains,sql injection by dglosser

60+ rogue antivirus, fake security sites, asprox domains.

Sources: sunbeltblog.blogspot.com, ddanchev.blogspot.com, shadowserver.org, and others:

0scanner .com homesecuresite .com
1o0o1 .com hotfreexxx .info
anti-spyware11 .com hotmovies69 .com
anti-spyware4 .com ienewbar .com
anti-spyware8 .com ilizium .com
anti-virus-xp .net km31539 .keymachine .de
krasotki .cn antimalwarewarrior2009 .com
antispywareinc .org mega-drugstore .net
antivirus-buy1 .com mega1search .com
antivirus-cs1 .com mentoe .ru
antivirus-cs14 .com mfads .com
antivirus-cs15 .com mheop .ru
antivirus-cs4 .com newwmpupdate .com
antivirus-cs5 .com online-sex-video .com
antivirus-cs8 .com openmenow .com
ytgw123 .cn personalantispy .com
seooss .info pestsweeper .com
bestbloggin .com pormce .ru
bestbookblog .com qwertypages .com
besthostdot .com ratedcontentsite .com
bettasearch .com realpicmov .com
charitymob .com secureharley .com
clearcontentsite .com antivirusfulldefence .com
clearpornurlssite .com spysoap .com
cnnworld .org uncensored-p0rn .info
ctiry .ru ungds .com
deryv .ru uniqueadult .com
dnserrorview .com upgrade-your-software .com
euroclubinfo .com viagrageneric .org
freeantivirus-online .com west-video-ass .info
xenbv .ru wmpware .com
yrhfn .com antivirus2008exp .com

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

ytgw123 (dot) cn – block immediately

Posted on September 29th, 2008 in asprox,Domain News,New Domains by dglosser

The Internet Storm Center has two important articles:

1. 10 signs you might be compromised, and don’t even know it

2. ASPROX mutant

The asprox domain – ytgw123 (dot) cn is injected using a via a cookie.

A quick search on google  (hxxp://www.google.com/search?q=ytgw123 – don’t click on any results!) reports New York Methodist Hospital, quicklogic, and others are infected.

Domain will be added on the next update, but you  should not wait.

42 New Domains to add to blocklists

Posted on September 21st, 2008 in asprox,rogue antivirus,sql injection,zlob by dglosser

Some asprox, zlob, fake security pages, rogue antivirus domains to add to your blocklist.

Sources:  www.matchent.com, sunbeltblog.blogspot.com, www.dynamoo.com, and others.


32ddk .name homesiteurls .com
3confirm .ws hqsextube08 .com
3cookie .tv ierenewals .com
4ssl .bz int3rn3t-d3f3ns3s .com
4ssl .ws mnbenio .ru
51com .ru mnicbre .ru
5jsp .bz movsdevices .com
64crypt .cc pkseio .ru
6usa .us protectnotice .com
73comm .asia prt3ctionactiv3scan .com
7confirm .gs secure4 .cc
9control .tk securealertbar .com
aabb1122 .com add-block-plus .net
ssl81 .in eantivirus-payments .com
asp1tw .com total-secure2009 .com
bank7 .name urlsofdnserrors .com
conf68 .mobi user9 .bz
vtg43 .ru vassariumpromo .com
eufnt .com vjccc .com
ss11qn .cn fastshortcuts .com
xbstw .com wmptools .com

Contact us if you want to help us keep the Malware Blocklist current.Domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

60 new domains to add to your blackhole domain list

Posted on September 16th, 2008 in asprox,Domain News,fake codecs,New Domains,rogue antivirus,sql injection by dglosser

rogue antivirus domains, asprox, sql injection domains. Sources: malwaredatabase.net, www.emergingthreats.net, www.matchent.com, www.threatexpert.com, and more.

2bank .su com62 .gen .in
2online .su dll82 .biz
5asp .su do18 .mobi
5aspx .ws enhancedie .com
5bank .su ex6 .ru
5cfm .cc getoutdoors .net .au
64asp .ru hfnvp .com
7asp .su id92 .bz
800mg .cn jjyyzmj .cn
8aspx .su jsp25 .mobi
8com .name jsp27 .co .uk
aijingru .com jsp51 .mobi
juc8 .ru amistypedurl .com
antivironline .com linkfordesktop .com
zmjjjyy .cn antivirus-xp-08 .net
asp24 .su classicmediapl .com
asp28 .eu observesecure .com
asp62 .biz pagesuploader .net
asp62 .mobi prtectionactivescan .com
aspx12 .su santa-inbox .com
aspx46 .com smart-antivirus2009v2buy .com
aspx56 .biz smartantivirus-2009v2buy .com
aspx8 .biz smartantivirus2009v2-buy .com
bank19 .mobi smartantivirus2009v2 .com
check9 .biz smartantivirusv2 .com
locm .ru spyrix .ru
com45 .su spyware-quickscan-2008 .com
com51 .su sweathomepage .com
com52 .co .uk turkonz .com
net83 .ru yuiqd .com
gcodecadult2008-17 .com codec-portal08 .com

Contact us if you want to help us keep the Malware Blocklist current.domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND formatAlso available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

DNS-BH Blocklist: 75 new malware domains to block

Posted on September 10th, 2008 in asprox,rogue antivirus,sql injection by dglosser

Over 75 new domains. Sql Injection, asprox,  fake security pages, rogue antivirus. Sources:  sunbeltblog.blogspot.com, malwaredatabase.net, www.dynamoo.com, and others:

19ssl .net alldiskscheck300 .com
22net .ru altawebgl-500 .com
24aspx .com antispyware-free-scanner .com
2aspx .net antivirussecurity-solution .com
4net9 .ru aprotectionhelp .com
56ssl .com as-pro-xp-download .com
58ssl .com masterspitetds09 .com
64asp .ru brokenurls .com
64do .com cusln .com
6aspx .com dailyhomesite .com
74asp .net desklinks .com
81ssl .com directrevisions .com
83asp .co doups .cn
8ssl .net download-base .com
92prt .ru download-soft-4free .com
9aspx .net download-soft-basez .com
9ssl .net online-security-systems .com
acr34 .ru filescheck-list303 .com
jzm013 .cn firstaidclicks .com
jzm014 .cn freeonlinescanner9 .com
jzm015 .cn seamastersoft .com
asl39 .ru googlescanners-360 .com
eufks .com homepagetoday .com
fst9 .ru xp-licensingpages .com
ms-avc .com protectionpurchase .com
hs7yue .cn xpprotector .com
net83 .ru immediallc .com
nowherepage .com intervidd .com
ok2bstr8 .com msantivirus-xp .com
on1000000 .cn pcsdefender .com
hxg008 .cn safensecurebar .com
oryfn .com soft-upgrade-network .com
ieextend .com softlayerdll .com
slivtraf1 .com software-downloadz .com
pwrware .com spypreventers .com
qingfeng01 .cn webprobar .com
rycsp .com windows-av .com
sel92 .ru winsecuritydl .com
minimal345 .com >winxp-antivir-on-line-scan .com

Contact us if you want to help us keep the Malware Blocklist current.domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Over 100 new domains to block

Posted on August 26th, 2008 in asprox,fake codecs,New Domains,rogue antivirus,sql injection,zlob by dglosser

Lots of rogue security domains, some asprox, some zlob. Sources: sunbeltblog.blogspot.com, ddanchev.blogspot.com, malwaredatabase.net, and others:

1000ylc .cn codecservice1 .com
2008antivirus .net codecservice6 .com
2008antivirusxp .com antivirus-noadware-2008 .com
2antivirus2008 .com encountertracker .ws
3antivirus2008 .com expressantivirus2009 .com
5antivirus2008 .com faunarium .net
6antivirus2008 .com antispyware2008sales .com
8antivirus2008 .com freeantivirus2009 .com
adult-s-portal .com freevidshardcore .com
adult-x2008 .com thefunny-08 .com
firstblu .cn fwlprocedure .com
gnaa .us antispydeluxe2009 .com
antitrojan-2008 .com hotadulttube08 .com
antivir-64 .com moyapodruzhka .com
antivir2008 .us mpegadaptationcom
antivir2009 .com msantivirusxp .com
antivirus-2008-xp .com msscanner .com
antivirus-2008 .org myantivirusprotection2009 .com
antivirus-best-2008 .com newcontent-s2008a .com
crklab .us newfunnyvideo .com
antivirus-pro-2008 .com norton-antivirus-2007 .com
funny-08 .com norton2009antivirus .com
antivirus2008-pro .com nortons2009antivirus .com
antivirus2008-pro .name nortonsantivirus2009 .com
antivirus2008-pro .org porndebug .com
antivirus2008b .net pornmoviestube .net
antivirus2008m .net realonlinevideo-2008 .com
antivirus2008n .net antivirus-protection2008 .com
retoneva .com scanner-prot .com
antivirus2008pro .name secure-online-antivirus .com
antivirus2008v .net sexlookupworld .com
siteresults1 .com sfwinstrument .com
antivirus2009free .com antivirus2008pro-download .org
antivirus777 .com spywarepreventer .com
stars-08 .com starfeed1 .com
antivirusonline-2009 .com antivirus2009-freeverscan .com
antivirusq .net thebigstars-08 .com
antivirusr .net thebigstars2008 .com
antivirussofware2008 .com yourfavoritetube .com
antivirussolution2008 .com themusic-08portal .com
antivirusu .net thestars-08 .com
antivirusw .net thestars08 .com
antivirusxp2008 .org thestars2008 .com
bestcelebs .ru topdirectdownload .com
bestfunnyvids .com topsoftupdate .com
beyru .ru win-antivirus-protect .com
celebs69 .com windows-antispyware-2008 .com
celebsnofake .com worldstars2008 .com
celebstape .com antivirusfreescan2009 .com
celebsvidsonline .com xp-2008-antivirus .com
wwvyoutube .com xp-antivirus-2008 .com

Contact us if you want to help us keep the Malware Blocklist current.domains.txt file is the complete list along with original reference.Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

dnsbh update – 61 asprox, fake antivirus domains

Posted on August 22nd, 2008 in asprox,fake codecs,rogue antivirus,sql injection by dglosser

asprox, storm worm, rogue antivirus domains, and more domains to add to your domain blacklist.
Sources: www.matchent.com, www.sudosecure.net, www.abuse.ch,ddanchev.blogspot.com, and others:

2000y .net flashbill .netrbn
aaszxe .ru freepostcardonline .com
aaszxi .ru g26 .su
aaszxo .ru harrowonthehillsfk .info
aaszxp .ru hassomeonelostininter .net
aaszxq .ru antivirusxp-08 .net
aaszxr .ru yourlettercard .com
aaszxt .ru jetp6 .ru
aaszxu .ru loginconfirm .su
aaszxw .ru loginupdate .su
aaszxy .ru loginverify .su
n73 .su loopk .ru
avalonpay .com digitalaudiopostcard .com
b8c .su netr2 .ru
bankconfirm .su nucop .ru
bankupdate .su oldpostcardshop .com
bankverify .su port04 .ru
iopoe .ru supergreetingcard .com
beyry .ru superlettercard .com
biblegateway .com ueur3 .ru
blatundalqik .ru userconfirm .su
brprbgok6 .com userupdate .su
c6c .su userverify .su
c75 .su v95 .su
che .js verifybank .su
confirm .su vj64 .ru
wk8 .su vvb .su
econfirm .su wfrules .ru
f38 .su bestlettercard .com
f48 .su worldpostcardart .com
iopc4 .ru

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

Rogue antivirus, asprox, rbn domains: add to blocklist

Posted on August 17th, 2008 in asprox,New Domains,RBN,rogue antivirus,sql injection by dglosser

Rogue antivirus, asprox, rbn domains to add to your blocklist. Sources:
blogs.zdnet.com, rbnexploit.blogspot.com, safeweb.norton.com, and others:

3gigabytes .com googlecomaolcomyahoocomaboutcom .net
3njx .ru guagaga .net
ujnc .ru hirza .net
a814 .cn i56web .org
acs86 .com idolhotels .com
okcd .ru jckxjcux .com
adwarealert .com a-nahui-vse-zaebalo-v-pizdu .com
nbh3 .ru mgconstrucoes .com
bcus2 .ru adware-download .com
bluexzz .cn windows-scanner2009 .com
paiuuag .net byronadvertising .eu
cb3f .ru antivirus-2009-pro .com
ccuuuag .biz pizdos .net
cnld .ru registryupdate .org
cv34 .co .uk scforum .info
db23 .co .uk stopgeorgia .info
ewwxbhdh .com stopgeorgia .ru
favoredtube .com toksikoza .net
givuifib .com google-analysis .com
ohueli .net vavscan .com
killgay .com yandexshit .com
yuku .com worknssrv .cn

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

DNS-BH Update: asprox & fake antivirus domains to block

Posted on August 11th, 2008 in asprox,rogue antivirus by dglosser

Malicious domains include lots of rogue antivirus, fake antimalware, and asprox domains.

Sources: www.shadowserver.org, www.matchent.com, sunbeltblog.blogspot.com, malwaredatabase.net, and others:

sss0 .co .uk antispyware2008scanner .com
sss2 .co .uk softwareantivirus2008 .com
ter2 .co .uk free-2008-antivirus .com
testyourantivirus .com free-2008-antivirus .net
ticketlight .com free-antivirus-2008 .com
xp2008antivirus .net free2008antivirus .com
ysh2 .co .uk free2008antivirus .net
zirvehit .com getas2008xp .com
ds12 .co .uk software-2008-antivirus .com
ds92 .co .uk software-2008-antivirus .net
ia-license com software-antivirus-2008 .com
ia-payment com software2008antivirus .com
ia-scanner com software2008antivirus .net
ia-support com softwareantivirus .net
Internet-antivirus .com 2008-software-antivirus .net
internetsecuritydeluxe .com 2008-xp-antivirus .com
nowantivirus .com 2008antivirusfree .com
rr3 .co .uk 2008antivirusfree .net
as2008dl .com 2008antivirussoftware .com
dfs3 .co .uk 2008antivirussoftware .net
antivirus2008free .com 2008antivirusxp .net
antivirus2008free .net 2008freeantivirus .com
antivirus2008software .com 2008freeantivirus .net
antivirus2008software .net 2008softwareantivirus .com
antivirus2008xp .net 2008softwareantivirus .net
antivirus2009-software .com 2008xpantivirus .net
antivirusfree2008 .com antivirus-2008-free .com
antivirusgl .com antivirus-2008-free .net
antivirusprotection .us antivirus-2008-software .com
2008-antivirus-free .com antivirus-2008-software .net
2008-antivirus-free .net antivirus-free-2008 .com
2008-antivirus-software .com antivirus-software-2008 .com
2008-antivirus-software .net 2008-free-antivirus .com
2008-antivirus .net 2008-free-antivirus .net

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

44 new malicious domains to block

Posted on August 8th, 2008 in asprox,fake codecs,rogue antivirus,sql injection by dglosser

malicious domains include asprox, malspam, rogue codecs, fake antivirus.

Sources: garwarner.blogspot.com, safeweb.norton.com, www.matchent.com, bharath-m-narayan.blogspot.com, and others:

1000mg .cn op21 .co .uk
arjahevif .com plgou .com
attomega .com mpegutility .com
aykjfgves .com pressdownloadtostart .com
ba1do .com red-codec .net
bardaue .com .br renderize .net
bkgpfgves .com sdo .1000mg .cn
busyfgves .com sibercar-card .com
dmiafgves .com sol .innopulse .es
faj4ehght .com squinento96 .com
famoutoito .net ticketmoon .net
pov .ru tm19 .co .uk
nitrocodec .net ui27 .co .uk
gfdpves .com wr28 .co .uk .
hhr2ehght .com xxkk .net
hwh2ght .com flwinstrument .com
iwi5fgves .com megabestsoftnah08 .com
o23 .co .uk gabfundopv .com

Contact us if you want to help us keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!