AplusWebMaster

Malware Domain Blocklist updated...

545 posts in this topic

FYI...

 

DNS-BH – Malware Domain Blocklist

- http://www.malwaredomains.com/

March 10, 2010 - "250+ Fraud, neosploit, Domains, zeus, exploit domains to block..."

 

- http://www.malwaredomains.com/wordpress/?page_id=2

"The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.

 

This list is also available in AdBlock and ISA Format..."

 

To install the AdblockPlus extension in Firefox, click here:

- https://addons.mozilla.org/en-US/firefox/addon/1865

 

- http://www.youtube.com/watch?v=oNvb2SjVjjI

 

Blocking malicious sites with Adblock Plus

- http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus

"... another layer of protection..."

Scroll down to: "... click here to subscribe to the list in Adblock Plus..." and click on the link - click OK to the popup for "Add subscription" - done.

___

 

- http://news.cnet.com/8301-27080_3-10466753-245.html

"WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware..."

 

:ph34r:

Edited by apluswebmaster
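The zone-file approach quoted from DNS-BH in the post above, as an added example that is not part of the original post or the DNS-BH project's own tooling: it normalises domains written in the defanged styles used in this thread, drops delisted false positives (like the trendsecure.com removal reported later in the thread), and emits one BIND `zone` statement per domain. The zone file path, function names, and sample domains are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def refang(text):
    """Undo defanging styles seen in posts: 'a . tld', 'a(dot)tld', 'a-dot-tld'."""
    d = text.strip().lower()
    d = re.sub(r"\s*(?:\(dot\)|\[dot\]|-dot-)\s*", ".", d)
    d = re.sub(r"\s*\.\s*", ".", d)
    return d.strip(".")

def is_valid_domain(d):
    """Accept plain hostnames only, so a list entry cannot break out of
    the quoted zone name and inject extra named.conf statements."""
    labels = d.split(".")
    return (len(d) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def build_zone_config(entries, removed=(),
                      zone_file="/etc/namedb/blockeddomain.hosts"):
    """Return sorted, de-duplicated BIND zone statements for the blocklist.

    zone_file is an assumed path to one shared zone file whose records
    answer every name with 127.0.0.1; 'removed' holds delisted domains.
    """
    delisted = {refang(r) for r in removed}
    blocked = {d for d in map(refang, entries)
               if is_valid_domain(d) and d not in delisted}
    return [f'zone "{d}" {{ type master; file "{zone_file}"; }};'
            for d in sorted(blocked)]

# Constructed sample input (reserved .example/.test names, not real indicators).
ENTRIES = [
    "bad-ads . example",          # spaced dot
    "ww(dot)injected(dot)test",   # (dot) style
    "v-sample-dot-example",       # -dot- style
    "BAD-ADS.example",            # duplicate after normalisation
    "mistaken-listing.example",   # later reported as a false positive
    'x.example"; };',             # malformed entry that must be rejected
]
REMOVED = ["mistaken-listing.example"]

if __name__ == "__main__":
    print("\n".join(build_zone_config(ENTRIES, REMOVED)))
```
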


FYI...

 

- http://www.malwaredomains.com/wordpress/?p=886

March 17, 2010 - "217 new domains associated with rogue antivirus, fastflux, trojan, iframes, botnets, etc. Sources include secuboxlabs.fr, malwaredomainlist.com, ddanchev.blogspot.com..."

 

:ph34r:


FYI...

 

- http://www.malwaredomains.com/wordpress/?p=911

April 8, 2010 - "Added 210 koobface domains and 53 other domains associated with malicious activity. Sources: www.malwareurl.com, www.malwaredomainlist.com, secuboxlabs.fr, and others..."

 

:ph34r:


FYI...

 

Big Update: gumblar domains, rbn domains, trojan domains and more

- http://www.malwaredomains.com/wordpress/?p=933

April 16, 2010 - "Over 300 domains associated with the RBN, gumblar, trojans, as well as domains associated with fraud. Sources include defintel.blogspot.com, emergingthreats.net, krebsonsecurity.com..."

 

:ph34r:


FYI...

 

MalwareDomains updated - 2010.04.19...

- http://www.malwaredomains.com/wordpress/?p=938

April 19, 2010 - "... quick update, mainly of the domains mentioned earlier...

xfgkddya .cn, yesoc .in, yetanotherguitarsite .com, bitapardaz .net, crystaldesignlab .com, excellentblener .ru, binglbalts .com, corpadsinc .com, fourkingssports .com, mauiexperts .com, mauisportsinsider .com, 4238789324 .com"

 

Urgent additions

- http://www.malwaredomains.com/wordpress/?p=935

April 18, 2010 - "... the following domains are blocked or blacklisted:

binglbalts . com, corpadsinc .com, fourkingssports .com, networkads .net, mainnetsoll .com

sources: http://ddanchev.blogspot.com/2010/04/dissecting-wordpress-blogs-compromise.html , http://isc.sans.org/diary.html?storyid=8647 ."

 

:ph34r:


FYI...

 

Fake McAfee DAT 5959: Google SEO hijacking

- http://www.malwaredomains.com/wordpress/?p=950

April 30, 2010 - "please block

* malware-checker-free. com

* tolstiy.co. cc

* endroiturlredirect. com

These sites are involved in google SEO hijacking and host exploits. Sites will be added on the next update.

Source: http://phil-secu.over-blog.net

 

:grrr::ph34r:


FYI...

 

Important additions...

- http://www.malwaredomains.com/wordpress/?p=955

May 5, 2010 - "...Please block the following ASAP:

thejustb. com

grepad. com

ginopost. com

Sources:

- http://blog.scansafe.com/journal/2010/5/4/grepadcom-iframe-nets-govt-niche-sites.html

 

- http://isc.sans.org/diary.html?storyid=8740

 

- http://ddanchev.blogspot.com/2010/05/us-treasury-site-compromise-linked-to.html ..."

___

 

- http://google.com/safebrowsing/diagnostic?site=thejustb.com/

"... suspicious content was found on this site... on 2010-05-04. Malicious software includes 1 exploit(s)..." - Country: UA

- http://google.com/safebrowsing/diagnostic?site=ginopost.com/

"... suspicious content was found on this site... on 2010-04-26. Malicious software includes 6 exploit(s), 5 trojan(s)..." - Country: UA

- http://google.com/safebrowsing/diagnostic?site=grepad.com/

"... suspicious content was found on this site.... on 2010-04-28. Malicious software includes 15 exploit(s), 9 trojan(s)..." - Country: UA

 

:ph34r: :ph34r:

Edited by apluswebmaster


FYI...

 

exploit, fastflux, malspam, rogue domains

- http://www.malwaredomains.com/wordpress/?p=959

May 6, 2010 - "159 domains containing malspam, rogue antivirus, trojans, or associated with fraud. Sources include www.malwareurl.com, atlas.arbor.net, hphosts.blogspot.com, ddanchev.blogspot.com..."

 

:ph34r: :ph34r:


FYI...

 

Huge Update: 270 domains

- http://www.malwaredomains.com/wordpress/?p=974

May 19, 2010 - "rogue domains, fastflux domains, exploit domains, and other malicious domains. Sources include www.malwaredomainlist.com, www.malwareurl.com, secuboxlabs.fr, and jsunpack.jeek.org..."

 

:ph34r:


FYI...

 

Update: koobface, fastflux, zbot, zeus domains

- http://www.malwaredomains.com/wordpress/?p=976

May 23, 2010 - "Over 250 new domains associated with zbot, zeus, torpig, neosploit, koobface and other maliciousness. Sources include ddanchev.blogspot.com, atlas.arbor.net/summary/fastflux, www.malc0de.com, zeustracker.abuse.ch..."

 

- http://atlas.arbor.net/summary/fastflux

"... Currently monitoring 226 active fastflux domains..."

 

- http://www.malwaredomains.com/wordpress/?p=979

May 24, 2010 - "trendsecure.com is incorrectly listed and has been removed. Please remove from your blocklists ASAP."

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Urgent addition: v-medical-dot-org/89.187.53.203

- http://www.malwaredomains.com/wordpress/?p=990

Posted on May 27th, 2010 in 0day, New Domains by dglosser

 

Please add v-medical. org (89.187.53.203) to your blocklists.

Source: http://isc.sans.org/diary.html?storyid=8860

Last Updated: 2010-05-27 18:18:30 UTC

 

:ph34r:


FYI...

 

- http://www.malwaredomains.com/wordpress/?p=993

May 29, 2010 - "Over 250 new malicious domains associated with zeus, fake security, neosploit, and other trojans and malware. Sources include malwaredomainlist.com, google.com/safebrowsing, blog.dynamoo.com..."

 

:ph34r:


FYI...

 

List cleanup: 950 domains removed

- http://www.malwaredomains.com/wordpress/?p=1000

June 1, 2010 - "950 older domains have been removed. They are located in the file “removed-domains-20100601.txt” . Please let us know ASAP if any should be placed back on active state."

 

:!:

Edited by apluswebmaster


FYI...

 

Urgent Block: credittreport-dot-info Clickjacking Attacks

- http://www.malwaredomains.com/wordpress/?p=1003

June 2, 2010 - "There has been an outbreak of clickjacking attacks on Facebook’s “Like” plugin. The target domain associated with the hidden iframe is credittreport. info. Please block that domain ASAP. Source:

- http://isc.sans.org/diary.html?storyid=8893

Last Updated: 2010-06-02 19:08:01 UTC

 

:ph34r: :ph34r:

Edited by apluswebmaster


FYI...

 

Urgent Block: google-analytics(dot)dynalias.org

- http://www.malwaredomains.com/wordpress/?p=1013

June 7th, 2010 - Please block google-analytics. dynalias. org.

 

Sources:

- http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99&tabid=2

Updated: June 7, 2010 1:56:30 AM

 

- http://phil-secu.over-blog.net/

 

:ph34r: :ph34r:


FYI...

 

Scareware, trojan, exploit domains

- http://www.malwaredomains.com/wordpress/?p=1015

June 8, 2010 - "A bunch of new domains associated with scareware, exploits, trojans, etc. Sources: paretologic.com, www3.malekal.com, www.kvarcasvany .hu, ddanchev.blogspot.com and others..."

 

:ph34r:


FYI...

 

Urgent Block: ww-dot-robint-dot-us

- http://www.malwaredomains.com/wordpress/?p=1017

June 9, 2010 - "ww(dot)robint(dot)us has been injected into over 111,000 IIS/ASP sites. Please add this to your blocklist ASAP (or refresh your zone file, as last night’s update included that domain) Sources:

- http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

- http://nsmjunkie.blogspot.com/2010/06/anatomy-of-latest-mass-iisasp-infection.html

- http://isc.sans.edu/diary.html?storyid=8935 "

 

- http://www.spywareinfoforum.com/index.php?showtopic=128865&view=findpost&p=724792

 

:ph34r::grrr::ph34r:

Edited by apluswebmaster


FYI...

 

fastflux, zeus, trojan domains added

- http://www.malwaredomains.com/wordpress/?p=1044

June 15, 2010 - "sources include secuboxlabs.fr, atlas.arbor.net, malwaredomainlist.com, zeustracker.abuse.ch..."

 

- http://www.abuse.ch/?p=2568

May 17, 2010 - "... Arbor Networks... has added a fingerprint in their Peakflow product family to help Internet Service Providers (ISPs) and companies around the world to mitigate, protect and monitor malicious ZeuS C&C Botnet traffic within their Networks. The fingerprint provided by Arbor is being generated in cooperation with the ZeuS Tracker... If you are a network administrator and your company is running Arbor Peakflow you just can activate the fingerprint using Arbor’s Active Threat Feed policies (ATF)."

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Urgent block: volgo-marun .cn & sicha-linna8 .com

- http://www.malwaredomains.com/wordpress/?p=1065

June 22, 2010 - "From cyberinsecure.com:

The support site of leading Chinese PC manufacturer Lenovo has been compromised by unknown attackers who injected a rogue IFrame into the pages over the weekend. Security researchers warn that unwary visitors looking for drivers are exposed to several exploits that install the Bredolab trojan onto their computers.

The IFrame points to an exploit kit hosted on a domain called volgo-marun. cn. After performing several checks to determine what vulnerable software they had installed on their computer, the visitors were served with exploits targeting older versions of Internet Explorer, Adobe Reader or Adobe Flash player... and receives commands from C&C server with domain sicha-linna8 .com "

 

:ph34r: :ph34r:


FYI...

 

List Cleanup: 646 Domains Removed

- http://www.malwaredomains.com/wordpress/?p=1092

July 5, 2010 - "646 domains have been removed. Please let us know if any need to be readded. There were 31 domains added in July 2009 and, a year later, are still actively serving up malware (according to google safebrowsing)..."

 

:!:


FYI

 

138 new domains

- http://www.malwaredomains.com/wordpress/?p=1094

July 6, 2010 - "138 new domains, including some gumblar and “malvertising” domains. Sources include: mdl.paretologic.com, malc0de.com/database/, blog.unmaskparasites.com, stopmalvertising.com..."

 

:!:
