Malware Domain Blocklist updated - 2012.07.10 ...
FYI...
246 malicious domains added...
- http://www.malwaredomains.com/wordpress/?p=2783
July 10th, 2012 - "A very large update consisting of 246 domains associated with malvertising, iframes, black hole exploits, etc. Sources include malwaredomainlist.com, sucuri.net, dynamoo.com..."
:fear::fear::spider:
Malware Domain Blocklist updated - 2012.07.12 ...
FYI...
RunForestRun, malspam, malvertising Domains
- http://www.malwaredomains.com/wordpress/?p=2788
July 12th, 2012 - "Added 150 domains (runforestrun, malspam, malvertising)."
:fear:
Malware Domain Blocklist updated - 2012.07.16 ...
FYI...
Relisted Domains ...
- http://www.malwaredomains.com/wordpress/?p=2791
July 16th, 2012 - "Just went through a bunch of older domains and relisted almost 50 of them. Or do the bad guys wait and “lay low” with their domain until “the coast is clear” and once google safebrowsing delists them, they once again use the domain to serve up malware (Whack-a-Mole)? Do they have google APIs and check daily to see if their domain is delisted?... It’s like fast-flux except the time frame is months instead of minutes."
:fear: :sad:
Malware Domain Blocklist updates ...
FYI...
DNS-BH Updates: 7.19 and 7.21
- http://www.malwaredomains.com/wordpress/?p=2794
July 22nd, 2012 - "Been remiss about mentioning updates on 7.19 and 7.21. Please update your blocklists/sinkhole..."
:fear::fear:
IntelliDownload malvertising...
FYI...
IntelliDownload (stopmalvertising.com)
- http://www.malwaredomains.com/wordpress/?p=2797
July 23rd, 2012 - "... article about IntelliDownload*...
* http://stopmalvertising.com/malware-...-browsing.html
Jul 20, 2012 - "... it doesn’t disclose that it will hijack advertisements on several major websites and replace them with ads from oadsrv .com, scrape your Facebook data, spy on your browser session and report every move you make on the web back to chango .com ..."
Please study the domains listed in the article and take appropriate action (the domains have -not- yet been added to this blocklist)."
:fear: :mad:
Malware Domain Blocklist updated - 2012.07.25 ...
FYI...
Java Exploit domains, trojans, rogues
- http://www.malwaredomains.com/wordpress/?p=2800
July 25th, 2012 - "A small but important update containing domains associated with Java exploits, rogue antivirus, trojans, and other malicious domains you don’t want visiting your computer or network. Sources include mwis.ru, malwaredomainlist.com, and urlquery.net..."
___
- https://blogs.technet.com/b/mmpc/arc...edirected=true
25 Jul 2012 - "The last few months we have seen a drastic increase in Java-based malware abusing the CVE-2012-0507* AtomicReferenceArray type-confusion vulnerability. In addition to that, a few weeks ago, a new Java vulnerability was found (CVE-2012-1723)**; it is also a type-confusion vulnerability. The attack abusing this new vulnerability is also very active... The most effective measure against these vulnerabilities is -updating- your Java installation. To check the version of JRE your browser is running, visit the following link:
http://www.java.com/en/download/installed.jsp ..."
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0507 - 10.0 (HIGH)
** http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1723 - 10.0 (HIGH)
:fear:
Domain Blocklist update...
FYI...
RunForestRun DGA Update (update your Domain Blocklist) ...
- http://www.malwaredomains.com/wordpress/?p=2805
July 26th, 2012 in 0day, New Domains
> http://blog.unmaskparasites.com/2012...mate-js-files/
26 Jul 12 - "... a quick recap of the RunForestRun attack: It began in mid-June and infected many servers with Plesk Panel since then. Hackers used Plesk’s File Manager to inject malicious code (mainly) at the bottom of .js files..."
"RunForestRun has changed the domain generating algorithm (DGA), and now uses waw.pl subdomains (instead of .ru) in malicious URLs."
:sad: :mad: :fear:
Malware Domain Blocklist updated - 2012.07.28 ...
FYI...
RunForestRun DGA Domains
- http://www.malwaredomains.com/wordpress/?p=2811
July 28th, 2012 - "Added over 200 RunForestRun Domains listed at blog.unmaskparasites.com."
:fear::fear:
Malware Domain Blocklist updated - 2012.08.03 ...
FYI...
DNS-BH Aug3 Update – relisted domains
- http://www.malwaredomains.com/wordpress/?p=2813
August 3rd, 2012 - "Added 203 domains – domains were at one time delisted but are once again associated with malware..."
:fear::fear:
Domain blocks/IPs to Block ASAP...
FYI...
Domains and IPs to Block ASAP
- http://www.malwaredomains.com/wordpress/?p=2825
August 9th, 2012 in 0day, sql injection - "Two posts from the Internet Storm Center:
> https://isc.sans.edu/diary.html?storyid=13864
SQL Injection Lilupophilupop style – Lists about a dozen domains you should immediately add to your blocklists plus more in Dynamoo's blog*.
> https://isc.sans.edu/diary.html?storyid=13861
Zeus/Citadel variant causing issues in the Netherlands – Follow the links and block those IP addresses ..."
* http://blog.dynamoo.com/2012/08/more...-block-on.html
:fear: :mad::mad: