June 27 update – BH Exploit Kit, Run Forest Run, Fareit domains

Posted on June 28th, 2012 in BH Exploit Kit,exploit,New Domains by dglosser

A small but important update with some Fareit, Run Forest Run, and BH Exploit Kit domains. Sources include blog.eset.com, microsoft.com, blog.urlvoid.com and others (all sources are listed in our domains.txt file).

Compressed files are located at: http://www.malware-domains.com (full zone files, note the dash)  and http://dns-bh.sagadc.org/.  We also have a mirror dedicated to research and Open Source Projects – contact us for details.

NO ZONE FILES ARE LOCATED ON THIS SITE.

* Please help to keep this site free and donate whatever you can. All donations go to hosting and infrastructure costs.
* The malware block lists provided here are free for noncommercial use as part of the fight against malware. Any commercial use of this list is strictly prohibited without prior approval.
* Please use the “datestamp” and “timestamp” files to determine if the list has been updated and ONLY pull the files you need – abusers will be banned! Use “wget -N”!
* Yearly sponsorships are available. Full acknowledgment, an icon, and a link back to your site will be placed in the left sidebar.
* The Domains.txt file is the complete list along with the original reference. Justdomains contains only the domain names. The BOOT file is in MS DNS format. The Malwaredomains.zones file is in BIND format. Also available in AdBlock, ISA, and MaraDNS formats. A trusted source on WOT, the Web of Trust. Used by SURBL, MOREnet, SANS, and others…

Runforestrun update

Posted on June 26th, 2012 in 0day,exploit by dglosser

Old versions of Plesk store passwords in clear text:
-> http://blog.unmaskparasites.com/2012/06/26/millions-of-website-passwords-stored-in-plain-text-in-plesk-panel/

A remote SQL vulnerability has been found in old versions of Plesk, allowing attackers to exploit those passwords:
-> http://kb.parallels.com/en/113321

Combine these two and what do you get? Malware, of course.

Plesk Vulnerability Leading to Malware
http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html

Runforestrun and Pseudo Random Domains
http://blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/

Run, Forest! (Update) – block 95.211.27.206

https://isc.sans.edu/diary/Run+Forest+Update+/13561

We’ve added a bunch of these domains, but you should also check the resources above for new IP addresses to block.

(Thanks to Jack W. for keeping us up-to-date on these developments.)

Java Exploits, malicious advertising, SutraTDS

Posted on May 26th, 2012 in exploit,malvertising,New Domains by dglosser

Added over 100 domains associated with malvertising, Java exploits, htaccess redirects… Sources include hosts-file.net, www.mwis.ru, sucuri.net (all sources are listed in our domains.txt file).

Exploit Domains, iframes, malvertising

Posted on May 6th, 2012 in BH Exploit Kit,exploit,iframes,malvertising,New Domains,zeus by dglosser

Added over 140 domains associated with exploits, malvertising, ransom/rogues, and of course Zeus, etc. Sources: www.mwis.ru, vxvault.siri-urz.net (all sources are listed in our domains.txt file).

Over 250 malvertising, flashback, phishing domains

Posted on April 12th, 2012 in exploit,malvertising,New Domains,Phishing,Trojans by dglosser

Added over 250 domains linked to Flashback, phishing, malvertising, etc. Sources include www.threatexpert.com, private correspondence, contagiodump.blogspot.com and others. Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Only download files from one of our download mirrors.

cybercriminal, hiloti, trojan domains…

Posted on March 28th, 2012 in New Domains by dglosser

Added 164 domains associated with trojan activity, cybercriminals, Hiloti, etc. Sources include iseclab.org, amada.abuse.ch, www.spamhaus.org and others (all sources are listed in our domains.txt file).

exposure.iseclab.org/malware_domains.txt

200+ Domains Added

Posted on March 15th, 2012 in BH Exploit Kit,exploit,New Domains,Trojans by dglosser

Added over 200 domains (on the 13th, sorry about the late post) associated with pornmocup, black hole exploits, sakura, crimepack, etc. Sources include hosts-file.net, www.malwareurl.com, c-apt-ure.blogspot.com and others (all sources are listed in our domains.txt file).

Big Update: 170+ New Domains

Posted on March 2nd, 2012 in exploit,malspam,malvertising,New Domains by dglosser

Added over 170 domains associated with exploits, htaccess redirects, malicious iframes, malicious JavaScript and other badness. Sources include exposure.iseclab.org, amada.abuse.ch, hosts-file.net and others (every source is listed in the domains.txt file). Please update your blocklists/sinkhole and follow our Terms of Use.

Reminder: the main site does not contain any zone files. Please download files from one of our download mirrors.

Carberp, IceX, malvertising, sinowal domains

Posted on February 19th, 2012 in exploit,iframes,malspam,malvertising,New Domains,Trojans,zeus by dglosser

109 new domains added, associated with Carberp, IceX, malvertising, Sinowal, Zeus, etc. Sources: zeustracker.abuse.ch, spamhaus.org, urlquery.net, Google Safe Browsing and others (every source is listed in the domains.txt file).

Please give it a try and let us know…

Another 200+ domains Added

Posted on February 10th, 2012 in exploit,malvertising,New Domains,Trojans,zeus by dglosser

Added 200+ domains associated with the usual exploits, trojans, malvertising, etc. Sources include wepawet.iseclab.org, hosts-file.net, abuse.ch (every source is listed in the domains.txt file). Please update your blocklists/sinkhole and follow our Terms of Use.