Feed

DNS-BH Update: 130+ Bad Domains to Block

Posted on January 28th, 2009 in asprox,Domain News,New Domains,rogue antivirus,sql injection by dglosser

Domains associated with  gozi, zlob & waledac, fake security domains, domains containing exploits, asprox domains, and other bad stuff. Sources include: www.securityzone.org, ilion.blog47.fc2.com, www.matchent.com/wpress, www.abuse.ch, and others:

111281 .com 32rundllfunc .biz
2009aaaa .cn 50label-map .com
2009bbbb .cn 59comm-cookie .biz
2009cccc .cn 76text-crypt .net
2009dddd .cn 7batchshare .biz
2009eeee .cn admin-batch97 .biz
2009ffff .cn adobereunionplayers .com
2009gggg .cn adorelyric .com
2009hhhh .cn adoresongs .com
2009iiii .cn ajakemegood24 .com
2009jjjj .cn antispywareprolivescanner .com
2009kkkk .cn antivirusxppro2009 .com
2009llll .cn apidefault57 .com
2009mmmm .cn av-xp-2008 .com
2009nnnn .cn bestgoodnews .com
23drf .com bestlovelong .com
2omitunen .com bestmyscanneronilne6 .com
3344g .com cmdidini32 .biz
5uzj .cn code-func42 .biz
709sese .cn collectrefund-irs .com
98032 .com .cn comm-cipher67 .name
9991 .com completeadplayer .com
a3451 .inf corebank98 .biz
adorepoem .com danicamarkovic .ca
baomaaa .cn debug-script40 .biz
bengchizz .cn dyatlyonok .org
bestadore .com edcomparison .com
besttiger .net energydownloadr .com
cfm-sid7 .net fast-antiviruspro-scan .com
chminuten .com fmhxqutvccr .org
cxaaaa .cn fmkopswuzhj .biz
fnygfr .com funloveonline .com
fuadrenal .com getluckytoday .cn
fuougcdv .org gnyluuxneo .com
fvwugekf .info godsaveporn .com
fwkbt .info google-analyze .cn
gbrpn .org google-analyze .org
gbxpxugx .org hardmoviesporno .com
ghtileh .biz hxhxl-cash .net
go4scan .com installincomputers .com
grogster .com intalldetrosflash .com
hhj5 .cn knizhechka .info
hhj7 .cn kolonochka .info
hmwzq .cn liveantivirusscanner .com
hnscsj .com ma7she .zapto .org
hops-part .com map-ref95 .com
icaapi .com nesco-online .com
id-x02 .cz newoneplayersl .com
ifengw .com odile-marco .com
in4ik .com pool-org23 .name
ip315 .net premiumlivescanner .com
irs-2009 .com privaetprotectedupdates .com
krantik .info prostflashplayer .com
makechange .ru rdir-site81 .name
newscan6 .com scan4ever .com
oc00co .cn scanlabsonline .com
qwehost .com scansafeonline .com
rusibank .com scanstability .com
rx-white .com securityonlinescan .com
tvtvmg .com setuprupdates .com
vika .cn tidport85 .biz
vjhdo .com total-defender .com
weixk .com video-share .servegame .org
wsxhost .net wawatoolbar .com
xfucked .org win-pool21 .biz
yasir .biz yahoo-analytics .net
zoom-bags .nl youradore .com
zxchost .com yourgreatlove .com

Contact us if you want to help us keep the Malware Domain Blacklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates.
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format. spywaredomains.zones file is in BIND format.
Also Available in AdBlock, ISA, and MaraDNS formats.
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…
Contact us if you want to help us keep the Malware Domain Blacklist current.

zlob, fake antivirus domains, and other threats to block

Posted on November 19th, 2008 in New Domains,zlob by dglosser

Sources include: secubox.aldria.com, www.threatexpert.com, www.malwaredomainlist.com, and others:

2ru .us abilena .podolsk-mo .ru
abcdepage .com jrdmgfxes .com
kdvty .com bestsecureexpertcleaner .com
ahack .info lazymp3z .com
ahdirz .com linkprivatedocs .com
alertnewsblock .com linskondesktop .com
alertsafenews .com luckyclipz .com
alexastats .ru main-downloadportal .com
allprivatelinks .com main-downloadportal .net
aoyafgves .com main-porn-hub .com
archiveviewsoftware .com main-softwaredownload .com
aseachengine .com main-softwaredownload .net
asearchnget .com mediamovware .com
asearchservice .com bestmoviesitefreein .com
beautypornpost .com mobifonika .com
beddenis .info moon-player .com
bestadulttube .com moviezlibs .com
bestcanadianmed .com movshighway .com
bestinfosearch .com movwmwares .com
mjuie .com movzway .com
bestofasia .info mp3directz .com
jiehg .com mp3zooming .com
bfansbxuow .net msdownloads .cn
bgdtr .com muslimwritersawards .co .uk
bgtnh .com mvoyo .com
blowjoborgy .info mymegatube .com
bluehomepages .com nevervhudo .ru
boyhome .ru newresultshere .com
bsplupdate .com nicebots .biz
bulkwatcher .com onenewtoolbar .com
bundlext .com opsfiles .com
bvyls .com owndocuments .com
casal192 .com piczway .com
caz56 .com posheng21 .cn
cdiqa .com privatesecuritycenter .com
shortlinkings .com qq188 .cn
classicplupdate .com qwertycn .cn
cleanlive .net renamehomepage .com
clipzocean .com returnhomepage .com
clipzportal .com safeinformservice .com
clipzsaloon .com screenshortcuts .com
cserv1 .com searchquickone .com
cserv2 .com searchquicktwo .com
cutrecord .in searchres1 .com
dcevr .com searchres2 .com
dgjir .com searchtubez .com
dieytemsn .com securesurface .com
dj-xxx-tube .com securityadvizr .com
dnsallabout .com selectedclipz .com
dnserrorname .com selectedtoolbar .com
dnserrorz .com check-pc-antivir-2009 .com
dnsmislead .com skwarovski .biz
docsofyours .com softawe-download-forpc .com
domain5124 .com software-pc-archive .com
ebn-tube .com softwaredownload2008hq .com
elkaribe .biz softwaredownload2008sq .com
tgbfiles .com softwaredownload2008tq .com
fast-av-pc-scan .com startpagepreview .com
fewfwe .net storage-antispyware .com
flyonfiles .com syshomepage .com
free-mp3-paradise .com systemtrigger .com
freesearchway .com tdsvassarium .com
freexxxmovz .com ygpfb .com
gckry .com therxdrugs .net
getresultnoew .com top100clipz .com
gibserv .com tube-chicks .net
gizmosb .biz tube-ducks .net
gogomovz .com tube-dudes .net
google-analitucs .com tube-viewert .net
google-analitucs .ru upgrade-pc-softz .com
googlestats .ru upgrade-soft-serv20 .com
guiltydns .com uptodatekeeper .com
hidatabase .cn usedforspeedupb .info
highway69 .info vgdes .com
homepagereset .com vidsdevices .com
hpropellero .com vidzdevices .com
hq-vidz .com vidzselector .com
ietoolmachine .com virtrigger .com
ilone .cn virtriggersupport .com
img-z .com virus-trigger .com
imgdirectz .com virus-triggers .com
imgzportal .com virustrigger2009 .com
informtoolbar .com vn92 .net
intermovz .com windowsupdateonline .com
ixivght .com wmpappliance .com
yhdmi .com wmpinstrument .com
zendirectz .com experiencetoolbar .com
zxs35 .com

Contact us if you want to help us keep the Malware Domain Blocklist current.
Read this page if you want to report a false positive.
Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

38 new domains to block

Posted on September 27th, 2008 in asprox,New Domains,zlob by dglosser

Sources: www.malwaredomainlist.com, www.abuse.ch, sunbeltblog.blogspot.com, www.threatexpert.com, and others.

5foot .org ieprogramming .com
anti-virus-xp .com internet-defenses .com
asafetysite .com life-tablets .cn
av-xp2008 .com linksondesktop .com
belgius .net lobanabucks .cn
bhtoesp .com mediamswares .com
brbg .ru dadsplace .com .au
cfohello .com .au mncpssa .org
yanndex .su moreaccess4me .com
druzg .ru movsdlls .com
ogjtu .com mp3dowl .com
errordnsurl .com ebatkopatnax .ru
evilbots .net phpnet77 .com
fstat .cn sobalyaki .net
gfbwd .com stabroom .cn
mgaazz .com toolbarunit .com
ha2000 .co .uk utevox .site90 .com
iebdesp .biz waysofsecurity .com
yfrresp .com gmail-security .com

Contact us if you want to help us keep the Malware Blocklist current.

Domains.txt file is the complete list along with original reference.
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files
BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock, ISA, and MaraDNS formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

Over 100 new domains to block

Posted on August 26th, 2008 in asprox,fake codecs,New Domains,rogue antivirus,sql injection,zlob by dglosser

Lots of rogue security domains, some asprox, some zlob. Sources: sunbeltblog.blogspot.com, ddanchev.blogspot.com, malwaredatabase.net, and others:

1000ylc .cn codecservice1 .com
2008antivirus .net codecservice6 .com
2008antivirusxp .com antivirus-noadware-2008 .com
2antivirus2008 .com encountertracker .ws
3antivirus2008 .com expressantivirus2009 .com
5antivirus2008 .com faunarium .net
6antivirus2008 .com antispyware2008sales .com
8antivirus2008 .com freeantivirus2009 .com
adult-s-portal .com freevidshardcore .com
adult-x2008 .com thefunny-08 .com
firstblu .cn fwlprocedure .com
gnaa .us antispydeluxe2009 .com
antitrojan-2008 .com hotadulttube08 .com
antivir-64 .com moyapodruzhka .com
antivir2008 .us mpegadaptationcom
antivir2009 .com msantivirusxp .com
antivirus-2008-xp .com msscanner .com
antivirus-2008 .org myantivirusprotection2009 .com
antivirus-best-2008 .com newcontent-s2008a .com
crklab .us newfunnyvideo .com
antivirus-pro-2008 .com norton-antivirus-2007 .com
funny-08 .com norton2009antivirus .com
antivirus2008-pro .com nortons2009antivirus .com
antivirus2008-pro .name nortonsantivirus2009 .com
antivirus2008-pro .org porndebug .com
antivirus2008b .net pornmoviestube .net
antivirus2008m .net realonlinevideo-2008 .com
antivirus2008n .net antivirus-protection2008 .com
retoneva .com scanner-prot .com
antivirus2008pro .name secure-online-antivirus .com
antivirus2008v .net sexlookupworld .com
siteresults1 .com sfwinstrument .com
antivirus2009free .com antivirus2008pro-download .org
antivirus777 .com spywarepreventer .com
stars-08 .com starfeed1 .com
antivirusonline-2009 .com antivirus2009-freeverscan .com
antivirusq .net thebigstars-08 .com
antivirusr .net thebigstars2008 .com
antivirussofware2008 .com yourfavoritetube .com
antivirussolution2008 .com themusic-08portal .com
antivirusu .net thestars-08 .com
antivirusw .net thestars08 .com
antivirusxp2008 .org thestars2008 .com
bestcelebs .ru topdirectdownload .com
bestfunnyvids .com topsoftupdate .com
beyru .ru win-antivirus-protect .com
celebs69 .com windows-antispyware-2008 .com
celebsnofake .com worldstars2008 .com
celebstape .com antivirusfreescan2009 .com
celebsvidsonline .com xp-2008-antivirus .com
wwvyoutube .com xp-antivirus-2008 .com

Contact us if you want to help us keep the Malware Blocklist current.domains.txt file is the complete list along with original reference.Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!
Used by SURBL, MOREnet, and others…

New asprox, zlob, malware and spyware domains

Posted on August 2nd, 2008 in asprox,New Domains,rogue antivirus,sql injection,zlob by dglosser

asprox domains, a few rogue antivirus sites, zlob trojan domains

Sources include www.dynamoo.com, spyware-techie.com, www.matchent.com, and others:

8hcs .ru medvezhonok .org
98hs .ru mpegversion .com
porv .ru abcways .com
nwj4 .ru power-antivirus-2009 .com
asp82 .co .uk prt27 .co .uk
aspx7 .co .uk releasedvideo .com
bck48 .co .uk shredder-scan .com
bgsr .ru topsafetysoft .com
bnk6 .co .uk antivirus-2009pro .com
bywd .ru videoexternal .com
get74 .co .uk webbestlink .com
getwsp .com websecurebar .com
ibse .ru win-x-defenders .com
iexplorerclue .com worldofwarcrokft .com
uhwc .ru wsp2008scanner .com
ojns .ru ihatemondayand .com
ncbw .ru mailer1 .key-one .it

Contact us if you want to help us keep the Malware Blocklist current.domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!
Now a trusted source on the WOT-the Web of Trust!

DNS-BH Update: 58 new domains

Posted on July 26th, 2008 in asprox,Domain News,fake codecs,rogue antivirus,sql injection,zlob by dglosser

Some ASProx domains, zlob domains, trojan domains, and fake antivirus domains. . Sources include www.malwaredomainlist.com, bharath-m-narayan.blogspot.com, www.shadowserver.org, and others:

1212l112 .net irxxv .com
kodj .ru iwillseethatvideo .com
345bi .cn 2008-adult-s2008 .com
a-n-k-o-r .com best-freeware2008 .com
adnsline .com lvorgucci .net
pfd2 .ru manswar .commalware
po4c .ru mpegstandard .com
nmr43 .ru formatmpeg .com
ns-ok .com best-soft-maxi .com
asgates .com nihao29 .cn
bce8 .ru anvimaster .com
nemr .ru anvi-scanner .com
kjwd .ru otherhomepage .com
blackhei .cn allsecurenews .com
lksr .ru almamama .com .cn
ch35 .ru pvs360 .com
dajao .cn qwgates .com
daoqaz .cn rkjhc .cn
dcads .biz secureshortcuts .com
ncwc .ru sky8000 .com
herezh .cn uswow2 .com
infomm .cn web678 .com .cn
iroe .ru windows-virus-scanner .com
j1bc .cn wooollstx .cn
jackkk .cn yibanle .cn
jve4 .ru youlaiyou .net
k1ks .cn zerolost .org
kpo3 .ru zfzuguo .cn
kr92 .ru browseroption .com

Contact us if you want to help keep the Malware Blocklist current.

domains.txt file is the complete list along with original reference.

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format
Also available in AdBlock and ISA formats!

New Asprox, zlob, Storm Worm Domains to block

Posted on July 6th, 2008 in iframes,New Domains,sql injection,Storm Worm,zlob by dglosser

New domains associated with asprox, zlob, and Storm Worm.
Many are being used in the latest SQL IFrame injection attacks:

1ive .net musiconelove .com
asp63 .com nationwide2u .cn
bestlovelyric .com makeloveforever .com
canclvr .com shelovehimtoo .com
cnzuma .cn spywareonlinescanner .com
cont67 .com lovekingonline .com
form43 .com superlovelyric .com
foursn .cn testwvr .com
gonelovelife .com theplaylove .com
greatadore .com ucomddv .com
knowholove .com makingadore .com
ktrcom .com makingloveworld .com
likethisone1 .com user1 .zhong262 .cn
lokriet .com wantcherish .com
stiwdd .com whoisknowlove .com
upcomd .com wholovedirect .com
portwbr .com wholoveguide .com
loveoursite .com loveisknowlege .com
mainbvd .com lovemarkonline .com
urs .axa-axa .cn

Sources: infosec20.blogspot.com, blog.scansafe.com, sudosecure.net, and others. Check the latest updates file for the original reference.

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

DNS-BH Update: Zlob variants and fake codecs

Posted on June 16th, 2008 in fake codecs,New Domains by dglosser

New domains, mainly from Dancho Danchev’s Blog (who has some interesting things to say about backlisting malicious sites):

p-o-r-n-0.info 2008adult-s2008.com
stred.in pornotube-20008.com
stred.biz pornotube20008.com
adult-youtube-8.com s-soft08freeware.com
all-index.com scanner.shredderscan.com
bandateam.com sex-18tube-2008.com
bestxvids.info sex-tube-20008.com
carsfoto.ru sex-tube20008.com
wowtofree.info sexi18tube2008.com
coolsexmovies.net sextubecodec55.com
free-movie-xxx.net streamadultvideo.com
gold-collection.biz cheapest-pharmacy.com
google-network.net 2008adult2008.com
sexakaporn.com supersharebox.com
hotvidstube.com hot-pornotube2008.com
hqtube.com tubescollection.com
myflydirect.com tubeuniverses.com
tosserhost.com west-video-xxx.info
newcontent-s2008.com new-content-s2008.com
p-o-r-n-0.com xxxstreamonline.com
2008-adult-2008.com  

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

Mass File Injection Attack Domains

Posted on May 12th, 2008 in iframes,New Domains,zlob by dglosser

Sans reports on several domains which contain a malicious JavaScript that pulls down a file associated with Zlob:

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

These, along with other domains, have been added to the malware blocklist:

02to cn 9191my com
1000dog cn 91dna com
123cha com 96my com
13996 net aardappel eigenstart nl
13ux com achongsoft com
17cha net ads520 com
203pk cn advertyz com
31fa com avihelper com
50blog cn fileave com
51ysc cn free hostpinoy info
531140 com kisswow com cn
55265 net mpeghelper com
57ez com rightonadz biz
www brasilon-line com  

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

Important Update: 44 New Blocklist Domains

Posted on May 9th, 2008 in iframes,New Domains by dglosser

44 new domains associated with malware.

A mix of fast-flux domains, domains associated with another iframe injection, zlobs, and other nasties.  Nothing you’d want on your network.

Sources include Castlecops, McAfee, Symantec, ThreatexpertSiteadvisor, and others. As always, check the fifth field in the domains.txt file for the original reference.

222online cn kjwre9fqwieluoi info
abpowqbvcfds677 info lia zanet net
mykgb com mcduii 2mydns com
avitool com my-page-de info
pzrk ru fcnhysydw mycoding com/
ririwow cn neytteybbo mario org
bclr-cash net nttstziinpa widescreenhd tv
bmoney-frn net pedmeo222nb info
bpowqbvcfds677 info amwnnnn web6 7it7 cn
buynvf96 info safeshortcuts com
bxxxl-cash net secureinfotool com
bluell cn technican w interia pl
dbcabh-ddt net wmvtool com
ddl2 com wyqggvow 2mydns net
dlivmg a la ydspread com
ebddrbcash net yuaccounting com
zhbidto com zanewnovel com
gatebm com bbeakemegood24 com
gategq com zipitover com
hao929 cn zjofficial com
iednsallerror com canadiandiscountsmeds com
instantsafepage com balsfhkewo7i487fksd info

Help fight spyware: Join the Spyware Listening Post!

domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format