95 replies to this topic

[AplusWebMaster]

FYI...

DNS-BH – Malware Domain Blocklist
- http://www.malwaredomains.com/
March 10, 2010 - "250+ Fraud, neosploit, Domains, zeus, exploit domains to block..."

- http://www.malwaredo...ress/?page_id=2
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.

This list is also available in AdBlock and ISA Format..."

To install the AdblockPlus extension in Firefox, click here:
- https://addons.mozil...efox/addon/1865

-

Blocking malicious sites with Adblock Plus
- http://adblockplus.o...th-adblock-plus
"... another layer of protection..."
Scroll down to: "... click here to subscribe to the list in Adblock Plus..." and click on the link - click OK to the popup for "Add subscription" - done.
___

- http://news.cnet.com...466753-245.html
"WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware..."



FYI...

- http://www.malwaredo...ordpress/?p=880
March 13, 2010 - "151 new domains from www.malwareurl.com, malc0de.com, ddanchev.blogspot.com, safeweb.norton.com and others"



FYI...

- http://www.malwaredo...ordpress/?p=886
March 17, 2010 - "217 new domains associated with rogue antivirus, fastflux, trojan, iframes, botnets, etc. Souces include secuboxlabs.fr, malwaredomainlist.com, ddanchev.blogspot.com..."



FYI...

- http://www.malwaredo...ordpress/?p=889
March 20, 2010 - "201 new domains to block. Sources include ddanchev.blogspot.com, blogs.paretologic.com, support.clean-mx.de..."



FYI...

- http://www.malwaredo...ordpress/?p=892
March 24, 2010 - "160 new domains flagged as drive-by downloads, scareware, zeus, and harmful by malc0de.com, jsunpack.jeek.org, malwareint.blogspot.com and others..."



FYI...

- http://www.malwaredo...ordpress/?p=896
March 27, 2010 - "173 new domains to add to your shunlist and blocklist… Sources: www.malwareurl.com, malc0de.com, phil-secu.over-blog.net and others.."



FYI...

Blackhole DNS Update – 196 new domains
- http://www.malwaredo...ordpress/?p=901
March 30, 2010 - "Sources include securehomenetwork.blogspot.com, zeustracker.abuse.ch, ddanchev.blogspot.com..."



FYI...

- http://www.malwaredo...ordpress/?p=909
April 5, 2010 - "... 300 new domains have been added. Sources: support.clean-mx.de, www.freepcsecurity.co.uk, www.malwareurl.com, and others..."



FYI...

- http://www.malwaredo...ordpress/?p=911
April 8, 2010 - "Added 210 koobface domains and 53 other domains associated with malicious activity. Sources: www.malwareurl.com, www.malwaredomainlist.com, secuboxlabs.fr, and others..."



FYI...

- http://www.malwaredo...ordpress/?p=919
April 11, 2010 - "230 domains to add to your malware blocklist or malware domain sinkhole..."



FYI...

- http://www.malwaredo...ordpress/?p=924
April 14, 2010 - "261 domains to block or redirect to your sinkhole. Sources include malc0de.com, support.clean-mx.de, and secuboxlabs.fr..."



FYI...

Big Update: gumblar domains, rbn domains, trojan domains and more
- http://www.malwaredo...ordpress/?p=933
April 16, 2010 - "Over 300 domains associated with the RBN, gumblar, trojans, as well as domains associated with fraud. Sources include defintel.blogspot.com, emergingthreats.net, krebsonsecurity.com..."



FYI...

MalwareDomains updated - 2010.04.19...
- http://www.malwaredo...ordpress/?p=938
April 19, 2010 - "... quick update, mainly of the domains mentioned earlier...
xfgkddya .cn, yesoc .in, yetanotherguitarsite .com, bitapardaz .net, crystaldesignlab .com, excellentblener .ru, binglbalts .com, corpadsinc .com, fourkingssports .com, mauiexperts .com, mauisportsinsider .com, 4238789324 .com"

Urgent additions
- http://www.malwaredo...ordpress/?p=935
April 18, 2010 - "... the following domains are blocked or blacklisted:
binglbalts . com, corpadsinc .com, fourkingssports .com, networkads .net, mainnetsoll .com
sources: http://ddanchev.blog...compromise.html , http://isc.sans.org/...ml?storyid=8647 ."



FYI...

Blackhole DNS Update
- http://www.malwaredo...ordpress/?p=940
April 20, 2010 - "Sources: wepawet.cs.ucsb.edu, malc0de.com, jsunpack.jeek.org, ddanchev.blogspot.com and others..."



FYI...

Many fastflux and rogue domains
- http://www.malwaredo...ordpress/?p=946
April 24, 2010 - "Sources include www.malwareurl.com, www.siteadvisor.com, www.malwaredomainlist.com..."

Edited by AplusWebMaster, 06 March 2012 - 09:56 PM.

[AplusWebMaster]

FYI...

- http://www.malwaredo...ordpress/?p=948
April 29, 2010 - "rogues, backdoors, exploit domains, and other badness. Sources include www.malwaredomainlist.com, atlas.arbor.net, threatexpert.com..."

[AplusWebMaster]

FYI...

Fake McAfee DAT 5959: Google SEO hijacking
- http://www.malwaredo...ordpress/?p=950
April 30, 2010 - "please block
* malware-checker-free. com
* tolstiy.co. cc
* endroiturlredirect. com
These sites are involved in google SEO hijacking and host exploits. Sites will be added on the next update.
Source: http://phil-secu.over-blog.net

[AplusWebMaster]

FYI...

DNS-BH Update...
... rogue antivirus, zeus...
- http://www.malwaredo...ordpress/?p=952
May 3, 2010 - "Sources: secuboxlabs.fr, safeweb.norton.com. www.malwaredomainlist.com, and others..."

[AplusWebMaster]

FYI...

Important additions...
- http://www.malwaredo...ordpress/?p=955
May 5, 2010 - "...Please block the following ASAP:
thejustb. com
grepad. com
ginopost. com
Sources:
- http://blog.scansafe...iche-sites.html

- http://isc.sans.org/...ml?storyid=8740

- http://ddanchev.blog...-linked-to.html ..."
___

- http://google.com/sa...e=thejustb.com/
"... suspicious content was found on this site... on 2010-05-04. Malicious software includes 1 exploit(s)..." - Country: UA
- http://google.com/sa...e=ginopost.com/
"... suspicious content was found on this site... on 2010-04-26. Malicious software includes 6 exploit(s), 5 trojan(s)..." - Country: UA
- http://google.com/sa...ite=grepad.com/
"... suspicious content was found on this site.... on 2010-04-28. Malicious software includes 15 exploit(s), 9 trojan(s)..." - Country: UA

Edited by AplusWebMaster, 05 May 2010 - 02:32 PM.

[AplusWebMaster]

FYI...

exploit, fastflux, malspam, rogue domains
- http://www.malwaredo...ordpress/?p=959
May 6, 2010 - "159 domains containing malspam, rogue antivirus, trojans, or associated with fraud. Sources include www.malwareurl.com, atlas.arbor.net, hphosts.blogspot.com, ddanchev.blogspot.com..."

[AplusWebMaster]

FYI...

exploit, zeus, trojan domains
- http://www.malwaredo...ordpress/?p=970
May 17, 2010 - "Sources include: www.malwaredomainlist.com, secuboxlabs.fr, blog.sucuri.net..."

[AplusWebMaster]

FYI...

Huge Update: 270 domains
- http://www.malwaredo...ordpress/?p=974
May 19, 2010 - "rogue domains, fastflux domains, exploit domains, and other malicious domains. Sources include www.malwaredomainlist.com, www.malwareurl.com, secuboxlabs.fr, and jsunpack.jeek.org..."

[AplusWebMaster]

FYI...

Update: koobface,fastflux,zbot,zeus domains
- http://www.malwaredo...ordpress/?p=976
May 23, 2010 - "Over 250 new domains associated with zbot, zeus,torpig,neosploit, koobface and other maliciousness. Sources include ddanchev.blogspot.com, atlas.arbor.net/summary/fastflux, www.malc0de.com, zeustracker.abuse.ch..."

- http://atlas.arbor.n...ummary/fastflux
"... Currently monitoring 226 active fastflux domains..."

- http://www.malwaredo...ordpress/?p=979
May 24, 2010 - "trendsecure.com is incorrectly listed and has been removed. Please remove from your blocklists ASAP."

Edited by AplusWebMaster, 24 May 2010 - 09:05 PM.

[AplusWebMaster]

FYI...

Blackhole DNS Update: 138 new domains
- http://www.malwaredo...ordpress/?p=986
May 26, 2010 - "sources: secuboxlabs.fr, www.siteadvisor.com..."

[AplusWebMaster]

FYI...

Urgent addition: v-medical-dot-org/89.187.53.203
- http://www.malwaredo...ordpress/?p=990
Posted on May 27th, 2010 in 0day, New Domains by dglosser

Please add v-medical. org (89.187.53.203) to your blocklists.
Source: http://isc.sans.org/...ml?storyid=8860
Last Updated: 2010-05-27 18:18:30 UTC

[AplusWebMaster]

FYI...

- http://www.malwaredo...ordpress/?p=993
May 29, 2010 - "Over 250 new malicious domains associated with zeus, fake security, neosploit, and other trojans and malware. Sources include malwaredomainlist.com, google.com/safebrowsing, blog.dynamoo.com..."

[AplusWebMaster]

FYI...

List cleanup: 950 domains removed
- http://www.malwaredo...rdpress/?p=1000
June 1, 2010 - "950 older domains have been removed. They are located in the file “removed-domains-20100601.txt” . Please let us know ASAP if any should be placed back on active state."

.

Edited by AplusWebMaster, 01 June 2010 - 04:39 PM.

[AplusWebMaster]

FYI...

Urgent Block: credittreport-dot-info Clickjacking Attacks
- http://www.malwaredo...rdpress/?p=1003
June 2, 2010 - "There has been an outbreak of clickjacking attacks on Facebook’s “Like” plugin. The target domain associated with the hidden iframe is credittreport. info. Please block that domain ASAP. Source:
- http://isc.sans.org/...ml?storyid=8893
Last Updated: 2010-06-02 19:08:01 UTC

Edited by AplusWebMaster, 02 June 2010 - 08:59 PM.

[AplusWebMaster]

FYI...

140 Domains added...
- http://www.malwaredo...rdpress/?p=1007
June 4, 2010 - "140 new domains to shun, redirect, or just block. Sources: dnsbl.abuse.ch, www.malwaregroup.com, malc0de.com, and others..."