Malware Domain Blocklist updated...


449 replies to this topic

#251 AplusWebMaster

  • SWI Friend
  • 9,126 posts

Posted 01 May 2012 - 07:06 AM

FYI...

malvertising, malicious js, bugat domains
- http://www.malwaredo...rdpress/?p=2653
April 29th, 2012 - "Added 137 domains associated with google safebrowsing, malvertising, malicious javascript, etc. Sources include exposure.iseclab.org, safebrowsing.clients.google.com, stopmalvertising.com and others..."

:!: :ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#252 AplusWebMaster

Posted 05 May 2012 - 09:58 PM

FYI...

bhexploitkit, htaccess, iframes, trojans...
- http://www.malwaredo...rdpress/?p=2660
May 4th, 2012 - "Added 110 domains associated with htaccess redirects, malicious iframes, trojans, etc. sources include malwaredomainlist.com, safebrowsing.clients.google.com, jsunpack.jeek.org..."

:!: :ph34r:

#253 AplusWebMaster

Posted 08 May 2012 - 07:06 AM

FYI...

Exploit Domains, iframes, malvertising
- http://www.malwaredo...rdpress/?p=2663
May 6th, 2012 - "Added over 140 domains associated with exploits, malvertising, ransom/rogues, and of course zeus, etc. Sources: mwis.ru, vxvault.siri-urz.net, vxvault.siri-urz.ne..."

:!: :ph34r:

#254 AplusWebMaster

Posted 15 May 2012 - 05:48 AM

FYI...

sql injection, htaccess, malicious js domains
- http://www.malwaredo...rdpress/?p=2673
May 13th, 2012 - "Added domains associated with htaccess redirection, sql injection, iframes, etc..."

:!:

#255 AplusWebMaster

Posted 18 May 2012 - 10:48 AM

FYI...

BH Exploit Kit, malvertising, cridex domains
- http://www.malwaredo...rdpress/?p=2676
May 17th, 2012 - "Added almost 150 domains associated with Black Hole Exploits, malvertising, cridex, etc. Sources: mwis.ru, zeustracker.abuse.ch, exposure.iseclab.org and several others..."

:ph34r: :!:

#256 AplusWebMaster

Posted 22 May 2012 - 07:14 AM

FYI...

htaccess redirects, malicious javascript, trojans
- http://www.malwaredo...rdpress/?p=2684
May 22nd, 2012 - "Added 137 domains associated with htaccess redirects, malvertising, iframes, trojans, etc. Sources: exposure.iseclab.org, threatexpert.com, zeustracker, sucuri.net, and others..."

:!: :!:

#257 AplusWebMaster

Posted 26 May 2012 - 10:17 PM

FYI...

Java Exploits, malicious advertising, SutraTDS
- http://www.malwaredo...rdpress/?p=2691
May 26th, 2012 - "Added over 100 domains associated with malvertising, java exploits, htaccess redirects. Sources include hosts-file.net, mwis.ru, sucuri.net..."

:!: :ph34r:

#258 AplusWebMaster

Posted 01 June 2012 - 10:41 PM

FYI...

Flamer, htaccess, botnet, malspam domains...
- http://www.malwaredo...rdpress/?p=2705
June 1st, 2012 - "Added over 140 malicious domains associated with flamer, htaccess redirects, malspam etc. Sources include spamhaus.org, malwareurl.com, malware-control.com and many others..."

:ph34r: :ph34r:

#259 AplusWebMaster

Posted 05 June 2012 - 08:32 AM

FYI...

BH Exploit, citadel, malspam, Tinba domains...
- http://www.malwaredo...rdpress/?p=2714
June 4th, 2012 - "Added over 140 domains associated with Tinba, pornmocup, black hole exploits, etc. Sources include exposure.iseclab.org, c-apture.blogspot.com, hosts-file.net, malware-control.com and others..."

:!: :ph34r:

#260 AplusWebMaster

Posted 14 June 2012 - 06:50 AM

FYI...

malvertising, malicious javascript, trojans...
- http://www.malwaredo...rdpress/?p=2732
June 13th, 2012 - "Added over 140 domains associated with trojans, sql injection, malvertising, etc. Sources include xylibox.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."

:!: :ph34r:

#261 AplusWebMaster

Posted 18 June 2012 - 06:16 AM

FYI...

zeroaccess, malspam, blackhole exploit domains
- http://www.malwaredo...rdpress/?p=2735
June 17th, 2012 - "Added domains associated with bh exploits, malicious spam, zeroaccess and other trojans. Sources include labs.sucuri.net, hosts-file.net, blog.dynamoo.com..."

:ph34r: :ph34r:

#262 AplusWebMaster

Posted 25 June 2012 - 07:39 PM

FYI...

runforestrun, iceix, rogues, malvertising, malspam domains...
- http://www.malwaredo...rdpress/?p=2749
June 25th, 2012 - "Two recent updates, adding over 230 domains associated with RunForestRun, IceIX, Malicious Spam, Malicious Advertising, etc. Sources include malwaredomainlist.com, isc.sans.org, hosts-file.net and many more..."

:!:

#263 AplusWebMaster

Posted 27 June 2012 - 09:02 AM

FYI...

Runforestrun update
- http://www.malwaredo...rdpress/?p=2758
June 26th, 2012 - "Old versions of Plesk store passwords in clear text
-> http://blog.unmaskpa...in-plesk-panel/
There is a remote SQL vulnerability that has been found in old versions of Plesk allowing attackers to exploit those passwords.
-> http://kb.parallels.com/en/113321
Combine these two together and what do you get, malware of course.
Plesk Vulnerability Leading to Malware
>> http://blog.sucuri.n...to-malware.html
Runforestrun and Pseudo Random Domains
- http://blog.unmaskpa...random-domains/
Run, Forest! (Update) – block 95.211.27.206
- https://isc.sans.edu...t Update /13561
We’ve added a bunch of these domains but you should check the resources above, as well as new IP addresses to block."

:!: :ph34r:

#264 AplusWebMaster

Posted 28 June 2012 - 10:35 PM

FYI...

BH Exploit Kit, Run Forest Run, fariet domains
- http://www.malwaredo...rdpress/?p=2760
June 28th, 2012 - "A small but important update with some fariet, run forest run, bh exploit kit domains. Sources include blog.eset.com, microsoft.com, blog.urlvoid.com and others..."

:ph34r:

#265 AplusWebMaster

Posted 05 July 2012 - 08:10 AM

FYI...

iframes, Pontoeb, scam domains
- http://www.malwaredo...rdpress/?p=2771
July 4th, 2012 - "Added over 100 domains associated with Pontoeb, scams, malicious iframes, etc. Sources: spamhaus.org, vxvault.siri-urz.net, sucuri.net and others..."

:!: :ph34r:

#266 AplusWebMaster

Posted 10 July 2012 - 08:21 AM

FYI...

246 malicious domains added...
- http://www.malwaredo...rdpress/?p=2783
July 10th, 2012 - "A very large update consisting of 246 domains associated with malvertising, iframes, black hole exploits, etc. Sources include malwaredomainlist.com, sucuri.net, dynamoo.com..."

:ph34r: :!:

#267 AplusWebMaster

Posted 13 July 2012 - 09:41 PM

FYI...

RunForestRun, malspam, malvertising Domains
- http://www.malwaredo...rdpress/?p=2788
July 12th, 2012 - "Added 150 domains (runforestrun, malspam, malvertising)."

:!: :ph34r:

#268 AplusWebMaster

Posted 16 July 2012 - 08:18 PM

FYI...

Relisted Domains ...
- http://www.malwaredo...rdpress/?p=2791
July 16th, 2012 - "Just went through a bunch of older domains and relisted almost 50 of them. Or do the bad guys wait and “lay low” with their domain until “the coast is clear” and once google safebrowsing delists them, they once again use the domain to serve up malware (Whack-a-Mole)? Do they have google APIs and check daily to see if their domain is delisted?... It’s like fast-flux except the time frame is months instead of minutes."

:grrr: :ph34r:

#269 AplusWebMaster

Posted 23 July 2012 - 10:45 PM

FYI...

DNS-BH Updates: 7.19 and 7.21
- http://www.malwaredo...rdpress/?p=2794
July 22nd, 2012 - "Been remiss about mentioning updates on 7.19 and 7.21. Please update your blocklists/sinkhole..."

:ph34r: :ph34r:

#270 AplusWebMaster

Posted 24 July 2012 - 05:15 PM

FYI...

IntelliDownload (stopmalvertising.com)
- http://www.malwaredo...rdpress/?p=2797
July 23rd, 2012 - "... article about IntelliDownload*...
* http://stopmalvertis...t-browsing.html
Jul 20, 2012 - "... it doesn’t disclose that it will hijack advertisements on several major websites and replace them with ads from oadsrv .com, scrape your Facebook data, spy on your browser session and report every move you make on the web back to chango .com ..."

Please study the domains listed in the article and take appropriate action (the domains have -not- yet been added to this blocklist)."

:ph34r: :!: :!:

#271 AplusWebMaster

Posted 26 July 2012 - 07:29 AM

FYI...

Java Exploit domains, trojans, rogues
- http://www.malwaredo...rdpress/?p=2800
July 25th, 2012 - "A small but important update containing domains associated with Java exploits, rogue antivirus, trojans, and other malicious domains you don’t want visiting your computer or network. Sources include mwis.ru, malwaredomainlist.com, and urlquery.net..."
___

- https://blogs.techne...Redirected=true
25 Jul 2012 - "The last few months we have seen a drastic increase in Java-based malware abusing the CVE-2012-0507* AtomicReferenceArray type-confusion vulnerability. In addition to that, a few weeks ago, a new Java vulnerability was found (CVE-2012-1723)**; it is also a type-confusion vulnerability. The attack abusing this new vulnerability is also very active... The most effective measure against these vulnerabilities is -updating- your Java installation. To check the version of JRE your browser is running, visit following link:
http://www.java.com/...d/installed.jsp ..."

* http://web.nvd.nist....d=CVE-2012-0507 - 10.0 (HIGH)
** http://web.nvd.nist....d=CVE-2012-1723 - 10.0 (HIGH)

:!:

Edited by AplusWebMaster, 26 July 2012 - 07:38 AM.

#272 AplusWebMaster

Posted 26 July 2012 - 04:44 PM

FYI...

RunForestRun DGA Update (update your Domain Blocklist) ...
- http://www.malwaredo...rdpress/?p=2805
July 26th, 2012 in 0day, New Domains
> http://blog.unmaskpa...imate-js-files/
26 Jul 12 - "... a quick recap of the RunForestRun attack: It began in mid-June and infected many servers with Plesk Panel since then. Hackers used Plesk’s File Manager to inject malicious code (mainly) at the bottom of .js files..."

"RunForestRun has changed the domain generating algorithm (DGA), and now uses waw.pl subdomains (instead of .ru) in malicious URLs."

:ph34r: :ph34r:

#273 AplusWebMaster

Posted 29 July 2012 - 10:46 AM

FYI...

RunForestRun DGA Domains
- http://www.malwaredo...rdpress/?p=2811
July 28th, 2012 - "Added over 200 RunForestRun Domains listed at blog.unmaskparasites.com."

:!: :ph34r: :ph34r:

#274 AplusWebMaster

Posted 03 August 2012 - 10:17 PM

FYI...

DNS-BH Aug3 Update – relisted domains
- http://www.malwaredo...rdpress/?p=2813
August 3rd, 2012 - "Added 203 domains – domains were at one time delisted but are once again associated with malware..."

:ph34r: :ph34r:

#275 AplusWebMaster

Posted 09 August 2012 - 11:15 AM

FYI...

Domains and IPs to Block ASAP
- http://www.malwaredo...rdpress/?p=2825
August 9th, 2012 in 0day, sql injection - "Two posts from the Internet Storm Center:
> https://isc.sans.edu...l?storyid=13864
SQL Injection Lilupophilupop style – Lists about a dozen domains you should immediately add to your blocklists plus more in Dynamoos blog*.
> https://isc.sans.edu...l?storyid=13861
Zeus/Citadel variant causing issues in the Netherlands – Follow the links and block those IP addresses ..."

* http://blog.dynamoo....o-block-on.html

:!: :!: :ph34r:

#276 AplusWebMaster

Posted 13 August 2012 - 02:03 PM

FYI...

More sites to block...
- http://blog.dynamoo....o-block-on.html
13 August 2012 - "More evil sites to block on 194.28.115.150 (Specialist ISP*) following on from these:
idi42nga .rr.nu, kprud89entia .rr.nu, hin66gof .rr.nu, iste03dengi .rr.nu, hing30emplo .rr.nu,
ize84dso .rr.nu, ind42icat .rr.nu, lack33andw .rr.nu"
* http://blog.dynamoo....o-block-on.html
10 August 2012 - "... blocking access to 91.211.200.0/22 and 194.28.112.0/22 (Specialist ISP) plus -all- .rr.nu domains would be even better."

> http://blog.dynamoo....e-pro-spam.html
13 August 2012 - "... 46.51.218.71 (Amazon, Ireland)
71.89.140.153 (Cloudaccess.net, US)
203.80.16.81 (Myren, Malaysia)
Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem..."

Something evil on 178.63.195.128/26
- http://blog.dynamoo....6319512826.html
13 August 2012 - "The IP address range 178.63.195.128/26 nominally belongs to grey hat host Hetzner in Germany, although it has been reallocated to a registrant in Israel. This block recently came up as the source for a ZeroAccess infection picked up from 178.63.195.170. A look at the 178.63.195.128/26 range (178.63.195.128 - 178.63.195.191) shows several suspicious websites with domains apparently generated by DoItQuick (more info here*). Most of the domains are too new to have any reputation, although given the live distribution of malware and the randomly chosen names then they are unlikely to be doing anything nice... quite a lot of suspect sites have recently been moved from this range to point at 127.0.0.1 instead, a common trick when malicious domains need to be pointed somewhere else quickly.
The registrant for this block is:
inetnum: 178.63.195.128 - 178.63.195.191
address: RUSSIAN FEDERATION
178.63.195.163...
178.63.195.167...
178.63.195.168...
178.63.195.170...
178.63.195.171..."
* https://krebsonsecur...or-black-deeds/

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster, 15 August 2012 - 10:42 AM.

#277 AplusWebMaster

Posted 14 August 2012 - 09:49 AM

FYI...

"Federal Tax" spam...
- http://blog.dynamoo....megleeinfo.html
14 August 2012 - "... tax-themed spam leads to malware...

Date: Tue, 14 Aug 2012 15:21:33 +0200
From: "Internal Revenue Service" [alerts@irs.gov]
Subject: Rejected Federal Tax transfer
Your Tax payment (ID: 38969777924999), recently sent from your checking account was returned by the The Electronic Federal Tax Payment System.
Rejected Tax transaction
Tax Transaction ID: 38969777924999
Return Reason See details in the report below
Tax Transaction Report tax_report_38969777924999.doc (Microsoft Word Document)
...

... malicious payload... hosted on 78.87.123.114 (CYTA, Greece) which has been seen several times lately and should be blocked if you can."
___

"We can not charge your credit card" spam...
- http://blog.dynamoo....-card-spam.html
14 August 2012 - "... spam pretends to be from Amazon. Or UPS. Or perhaps both. Anyway, it leads to malware...

Date: Tue, 14 Aug 2012 05:26:05 +0200
From: "ups" [mail@ups.com]
Subject: We can not charge your credit card
Attachments: Amazon_Invoice.htm
Your Account | Help
Your credit card was blocked.
We tried to withdraw money from your credit card, but your bank decline it. In the attachment you will be found a invoice from your last order. Please pay this invoice as soon as possible...


The attachment Amazon_Invoice.htm is malicious and it attempts to download a malicious script... hosted on the following IPs (which have all been used for malware distribution several times):
190.120.228.92
199.71.212.78
203.80.16.81
..."

:grrr: :ph34r: :ph34r:

Edited by AplusWebMaster, 14 August 2012 - 09:56 AM.

#278 AplusWebMaster

Posted 23 August 2012 - 04:49 PM

FYI...

Outgoing network traffic & Malicious Activity
- http://www.malwaredo...rdpress/?p=2831
August 23rd, 2012 - "SANs* has a nice write-up about analyzing outgoing network traffic to identify malicious activity. They list a bunch of ip blocklists and IP reputation sources.
(We’ve also had two updates since the last post**, busy at $Jobs...)"

* https://isc.sans.edu...d=13963#comment

** http://www.malwaredo...rdpress/?p=2829
August 14th, 2012

Also see: http://www.malwaredo...ist.com/mdl.php

Latest update: August 23, 2012 2:50 AM
- http://mirror2.malwa...ains.com/files/

:ph34r: :ph34r:

#279 AplusWebMaster

Posted 28 August 2012 - 06:58 AM

FYI...

DNS-BH Update – 104 new domains
- http://www.malwaredo...rdpress/?p=2833
August 27th, 2012 - "Added 104 new domains from hosts-file.net, safebrowsing.clients.google.com, avgthreatlabs.com and others..."

:!: :ph34r:

#280 AplusWebMaster

Posted 29 August 2012 - 07:50 AM

FYI...

Java 0-Day Domains, BH Exploit Kit Domains, other malicious domains
- http://www.malwaredo...rdpress/?p=2837
August 28th, 2012 - "Added domains associated with the Java 0-day, Blackhole Exploit Kit, and other badness. Sources include labs.sucuri.net, blog.fireeye.com, spamhaus.org..."

:ph34r: :ph34r:

#281 AplusWebMaster

Posted 03 September 2012 - 03:31 PM

FYI...

Java 0-day, Black Hole Exploits, and other malicious domains...
- http://www.malwaredo...rdpress/?p=2843
September 3rd, 2012 - "... Updates on August 29th and Sept 1st contained domains associated with the Java 0-day, Black Hole Exploits, and other malicious domains (another today @ 1:12 PM*)... Sources include safebrowsing.clients.google.com, scumware.org, blog.dynamoo.com and others..."
* http://mirror2.malwa...ains.com/files/

:!:

#282 AplusWebMaster

Posted 09 September 2012 - 10:44 AM

FYI...

java exploit domains, rogue antivirus, malspam domains...
- http://www.malwaredo...rdpress/?p=2852
September 8th, 2012 - "Added 101 new domains associated with Java exploits, malicious spam, sutratds, fake antivirus, etc. Sources include emergingthreats.net, google.com/safebrowsing, blog.dynamoo.com..."

:ph34r: :ph34r:

#283 AplusWebMaster

Posted 17 September 2012 - 06:13 AM

FYI...

Several Sept Updates
- http://www.malwaredo...rdpress/?p=2862
September 16th, 2012 - "... Recent updates added domains associated with the Java 0day, Black Hole Exploits, etc. All sources are listed in our domain.txt file*..."
* http://dns-bh.sagadc.org/domains.txt

:!: :ph34r:

#284 AplusWebMaster

Posted 24 September 2012 - 06:19 AM

FYI...

Nitro, malspam, risky domains ...
- http://www.malwaredo...rdpress/?p=2866
September 23rd, 2012 - "Added domains associated with Nitro, malspam, etc. Sources include safebrowsing.google.com, symantec.com, zeustracker.abuse.ch, blog.dynamoo.com, zataz.com, hosts-file.net..."

:!: :ph34r:

#285 AplusWebMaster

Posted 25 September 2012 - 05:48 PM

FYI...

Site delistings - Blocklist correction ...
- http://www.malwaredo...rdpress/?p=2871
September 25th, 2012 - "artconcoction.com has been delisted and will be removed on the next update. There is also a (big) mistake in the zone file, don’t wait for an update on our end; please -remove- safebrowsing.clients.google.com* from your zone files ASAP."

* NOTE to AdBlock Plus users: Un-check it in the AdBlock Plus Filter Preference listing.

:!: :!:

Edited by AplusWebMaster, 25 September 2012 - 05:56 PM.

#286 AplusWebMaster

Posted 27 September 2012 - 10:40 AM

FYI...

malvertising, Black Hole Exploit Kit domains
- http://www.malwaredo...rdpress/?p=2873
September 26th, 2012 - "Added a bunch of domains associated with exploit kits, malvertising, and other badness. Sources include binrand.com, mwis.ru, vxvault.siri-urz.net..."

:!: :ph34r:

#287 AplusWebMaster

Posted 29 September 2012 - 12:52 PM

FYI...

140 exploit, driveby, malicious domains
- http://www.malwaredo...rdpress/?p=2876
September 28th, 2012 - "Added 140 domains associated with drivebys, exploits, etc. Sources include wepawet.iseclab.org, urlvoid.com, sucuri.net, and others..."

:!: :ph34r:

#288 AplusWebMaster

Posted 03 October 2012 - 07:58 PM

FYI...

250+ Domains...
- http://www.malwaredo...rdpress/?p=2880
October 2nd, 2012 - "Added over 250 domains — iframes, malicious spam, attack sites, etc. Sources: blog.dynamoo.com, safebrowsing.clients.google.com, blog.sucuri.net. etc..."

:!: :!:

#289 AplusWebMaster

Posted 07 October 2012 - 03:30 PM

FYI...

Sinowal, Sirefef, redkit domains, blackhole, downadup domains
- http://www.malwaredo...rdpress/?p=2885
October 5th, 2012 - "Added 151 domains associated with down adup, blackhole exploits, red kit, sinowal, etc. Sources include threatexpert.com, mwis.ru, safebrowsing.clients.google.com..."

:!:

#290 AplusWebMaster

Posted 09 October 2012 - 09:10 PM

FYI...

downadup, iframes, torpig malicious spam domains added
- http://www.malwaredo...rdpress/?p=2889
October 8th, 2012 - "Added 167 domains associated with iframe injection, malspam, torpig, DownAdUp, etc. Sources include threatexpert.com, labs.sucuri.net, blog.dynamoo.com..."

:ph34r: :!:

#291 AplusWebMaster

Posted 14 October 2012 - 10:29 PM

FYI...

work-at-home scam, kuluoz, trojan domains
- http://www.malwaredo...rdpress/?p=2895
October 12th, 2012 - "A bunch of work-at-home, fraud, scam domains added in addition to the usual black hole exploit kit, trojan, and other malicious domains. Sources include malwareurl.com, emergingthreats.net, malwaredomainlist.com..."

:ph34r:

#292 AplusWebMaster

Posted 04 November 2012 - 11:27 AM

FYI...

176 new domains added
- http://www.malwaredo...rdpress/?p=2905
November 3rd, 2012 - "... Added 176 new domains associated with malspam, malicious redirections, exploits, etc. Sources include hosts-file.net, safebrowsing.clients.google.com, blog.dynamoo.com..."

:!: :ph34r:

#293 AplusWebMaster

Posted 06 November 2012 - 03:16 PM

FYI...

Big Update – 286 Domains
- http://www.malwaredo...rdpress/?p=2909
November 6th, 2012 - "Added 286 domains from zeustracker.abuse.ch, urlvoid.com, dshield.org, safebrowsing.clients.google.com..."



#294 AplusWebMaster


Posted 11 November 2012 - 08:27 PM

FYI...

113 new domains added
- http://www.malwaredo...rdpress/?p=2914
November 10th, 2012 - "Added 113 new domains (onescan, malspam, pharma) listed at blog.dynamoo.com, dshield.org, support.clean-mx.com and others..."



#295 AplusWebMaster


Posted 14 November 2012 - 07:12 AM

FYI...

156 New Rogue, Unsafe, Suspicious Domains
- http://www.malwaredo...rdpress/?p=2919
November 12th, 2012 - "Added 156 new domains from dshield.org, hosts-file.net, urlvoid.com and other sources..."



#296 AplusWebMaster


Posted 17 November 2012 - 08:15 PM

FYI...

127 New Malicious Domains
- http://www.malwaredo...rdpress/?p=2921
November 17th, 2012 - "Added 127 new malicious domains from wepawet.iseclab.org, dshield.org, vxvault.siri-urz.net and others..."



#297 AplusWebMaster


Posted 21 November 2012 - 07:43 AM

FYI...

Big Update: 211 Serenity Exploit Kit, Malspam, Malicious Domains
- http://www.malwaredo...rdpress/?p=2925
November 20th, 2012 - "Added 211 domains associated with Serenity Exploit Kit, malicious spam, etc. from dshield.org, blog.dynamoo.com, malwaremustdie.blogspot.com..."

21,000 (!) JS/RunForestRun/PseudoRandom Domains
- http://www.malwaredo...rdpress/?p=2929
November 21st, 2012 - "The algorithm for creating Pseudo Random RunForestRun domains has been published by malwarereports.blogspot.com . Full list of domains (21000!) is located here*."
* http://pastebin.com/k3k7ibvJ



#298 AplusWebMaster


Posted 24 November 2012 - 06:48 AM

FYI...

DNS-BH - Malware Domain Blocklist
Another big update: 207 domains
- 1 day ago
> received from RSS feed
"207 domains added (iframes, htaccess redirections and other harmful domains) from malwaremustdie.blogspot.com, dshield.org, labs.sucuri.net, etc..."
(Cannot access site - "under constant attack" [DDoS] ...)
Mirror site still available for updates dtd. Nov 22, 2012...



#299 AplusWebMaster


Posted 26 November 2012 - 07:29 AM

FYI...

Nov 25 Update: 233 New Domains
> received from RSS feed
"Added 223 suspicious, harmful domains originally referenced in malwaredomainlist.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."
(Cannot access site - "under constant attack" [DDoS] ...)
"The server at malwaredomains.com is taking too long to respond."
Mirror site still available for updates dtd. Nov 25, 2012...



#300 AplusWebMaster


Posted 28 November 2012 - 07:20 PM

FYI...

Another large update – 187 domains
- http://www.malwaredomains.com/?p=2941
November 28th, 2012 - "Add -187- exploit kit, malicious, koobface domains originally listed on ddanchev.blogspot.com, avgthreatlabs.com, dshield.org and other sources..."
