Domain download abuse

Posted on January 1st, 2012 in Domain News by dglosser

We just checked some server statistics… Started fresh for 2012…  How is it possible for 17.51 MB of files to be downloaded in 2012 and the day isn’t over yet???

Unfortunately, we are forced to continue to ban IP addresses which for whatever reason continue to abuse our download servers.

Hosting costs money. Please contribute whatever you can.

DNS Blackhole with iRules

Posted on December 31st, 2011 in Domain News by dglosser

Interesting article about integrating Blackhole DNS with F5 iRules.

Free Domain Name Registrars

Posted on December 28th, 2011 in Domain News by dglosser

The Internet Storm Center recommends blocking the following domains in this post:

  • .nl.ai
  • .c0m.li
  • .cd.am
  • .coom.in

We want to make you aware that we have the following lists:

The domains listed in each of these files are NOT included in the DNS-BH Blocklists.

It’s up to you if you wish to block, track, or allow access to these domains.

Urgent Block: BlackHole Exploit Kit redret Spam Domains

Posted on December 6th, 2011 in 0day,Domain News,malspam by dglosser

From the Internet Storm Center, please block the following domains:


and be on the lookout for more domains containing the string “redret” (hmmm, I wonder if adblock or mywot can handle regex...).

IP addresses to block are also in the article. Also see this article. These will be added here, but you shouldn’t wait.
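A resolver log sweep is one way to act on the “redret” lookout without waiting for a list update. The following is an added example, not part of the original post or of the DNS-BH tooling: it assumes a BIND-style query log layout, uses constructed log lines and made-up names, and separates names with the listed shape (one or two letters followed by “redret” under .ru) from other names that merely contain the string.

```python
import re
from collections import defaultdict

# Shape of the names in the ISC list: one or two letters + "redret", under .ru.
LISTED_SHAPE = re.compile(r"^[a-z]{1,2}redret$")
# Assumed BIND-style query log layout: "client <ip>#<port>: query: <name> IN <type>".
QUERY_LINE = re.compile(r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: query: (?P<qname>\S+) IN ")

# Constructed sample lines (documentation addresses, made-up names).
SAMPLE_LOG = [
    "06-Dec-2011 10:15:01.101 client 192.0.2.10#53124: query: qxredret.ru IN A +",
    "06-Dec-2011 10:15:02.340 client 192.0.2.11#40112: query: WWW.QXREDRET.RU. IN A +",
    "06-Dec-2011 10:15:04.002 client 192.0.2.10#53125: query: redret77.example IN A +",
    "06-Dec-2011 10:15:07.555 client 192.0.2.12#50000: query: qxredret.ru IN AAAA +",
    "06-Dec-2011 10:15:09.870 client 192.0.2.12#50001: query: secured-return.example IN A +",
]

def normalize(qname):
    """Lower-case the name and drop the root dot so comparisons are stable."""
    return qname.rstrip(".").lower()

def classify(qname):
    """Return 'listed-shape', 'variant' or None for a queried name."""
    labels = normalize(qname).split(".")
    # Check the registered label, so subdomains of a listed-shape name also match.
    if len(labels) >= 2 and labels[-1] == "ru" and LISTED_SHAPE.match(labels[-2]):
        return "listed-shape"
    # Anything else with "redret" inside a single label is a candidate new variant.
    if any("redret" in label for label in labels):
        return "variant"
    return None

def scan(lines):
    """Map each matching name to its class and the clients that queried it."""
    hits = defaultdict(lambda: {"class": None, "clients": set()})
    for line in lines:
        m = QUERY_LINE.search(line)
        if not m:
            continue
        name = normalize(m.group("qname"))
        cls = classify(name)
        if cls:
            hits[name]["class"] = cls
            hits[name]["clients"].add(m.group("ip"))
    return dict(hits)

if __name__ == "__main__":
    for name, hit in sorted(scan(SAMPLE_LOG).items()):
        print(f"{hit['class']:13} {name:22} {sorted(hit['clients'])}")
```

The client sets give the internal hosts to check first; “variant” hits need a manual look before they are blocked.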

Immortal Domains

Posted on November 14th, 2011 in Domain News,immortal,New Domains by dglosser

We just finished recertification of 237 long-lived, “immortal” malware domains.

These are domains which continue to actively serve malware for months if not years.
Some of these domains have been active here for more than two years.

Of those 237 domains, 34, or less than 15%, were removed.

That means that over 85% of these long-lived domains are truly “bulletproof”, and have remained actively malicious for over two years.

The list of those few removed domains is here: removed-domains-20111112.txt

List of these “immortals” is here: immortal_domains.txt

Dynamic DNS

Posted on November 4th, 2011 in Domain News,dynamic dns by dglosser

We’ve updated our list of Dynamic DNS Providers. This is for information purposes only and is not part of our blocklists.

The list is here or here.

Clarifications, updates, corrections appreciated as always.

List Recert: 653 Domains Removed

Posted on November 1st, 2011 in Domain News by dglosser

Of the 740 domains which were re-certified, 653 domains have been removed.

88 of those domains, which were originally listed over six months ago, were STILL actively associated with malware.

These domains were added to our list of long-lived, “immortal” malware domains.

List of removed domains is available here:


List of “immortal domains” here.

Also, a clarification – permission is granted if you wish to use these lists for INTERNAL use only at your organization or company.

Please use the “datestamp” and “timestamp” file to determine if the list has been updated and ONLY pull the files you need – abusers will be banned!

We also have a mirror with compressed files dedicated for academic research, people who contribute to and support malwaredomains, and other non-profit activities. Please contact us for details.

Bulk Registrars, URL Shorteners, Dynamic DNS Providers

Posted on October 27th, 2011 in Domain News by dglosser

We’ve been maintaining lists of Bulk Registrars, Dynamic DNS Providers, and URL Shorteners.


We just added a new list of “unverified” URL Shorteners here: url_shorteners-unverified.txt

We’ll be going through the URLs and adding them to the main list once they have been verified. If anyone wishes to help in this effort, please let us know :)

Malware Defense

Posted on October 18th, 2011 in Domain News by dglosser

Nice mention of this list as part of the Internet Storm Center’s Critical Controls #12 – Malware Defense.

DNS Sinkhole Parser Script Update

Posted on October 16th, 2011 in Domain News by dglosser

For those using Guy Bruneau’s DNS Sinkhole ISO, there’s a new sinkhole parser script available.

The new script contains new lists which were not part of the original list.

More information: