IPs to block - 2012.08.14 ...
FYI...
"Federal Tax" spam...
- http://blog.dynamoo.com/2012/08/fede...egleeinfo.html
14 August 2012 - "... tax-themed spam leads to malware...
Date: Tue, 14 Aug 2012 15:21:33 +0200
From: "Internal Revenue Service" [alerts@irs.gov]
Subject: Rejected Federal Tax transfer
Your Tax payment (ID: 38969777924999), recently sent from your checking account was returned by the The Electronic Federal Tax Payment System.
Rejected Tax transaction
Tax Transaction ID: 38969777924999
Return Reason See details in the report below
Tax Transaction Report tax_report_38969777924999.doc (Microsoft Word Document) ...
... malicious payload... hosted on 78.87.123.114 (CYTA, Greece) which has been seen several times lately and should be blocked if you can."
___
"We can not charge your credit card" spam...
- http://blog.dynamoo.com/2012/08/we-c...card-spam.html
14 August 2012 - "... spam pretends to be from Amazon. Or UPS. Or perhaps both. Anyway, it leads to malware...
Date: Tue, 14 Aug 2012 05:26:05 +0200
From: "ups" [mail@ups.com]
Subject: We can not charge your credit card
Attachments: Amazon_Invoice.htm
Your Account | Help
Your credit card was blocked.
We tried to withdraw money from your credit card, but your bank decline it. In the attachment you will be found a invoice from your last order. Please pay this invoice as soon as possible...
The attachment Amazon_Invoice.htm is malicious and it attempts to download a malicious script... hosted on the following IPs (which have all been used for malware distribution several times):
190.120.228.92
199.71.212.78
203.80.16.81 ..."
Malware Domain Blocklist updated - 2012.08.23 ...
FYI...
Outgoing network traffic & Malicious Activity
- http://www.malwaredomains.com/wordpress/?p=2831
August 23rd, 2012 - "SANS* has a nice write-up about analyzing outgoing network traffic to identify malicious activity. They list a bunch of IP blocklists and IP reputation sources.
(We’ve also had two updates since the last post**, busy at $Jobs...)"
* https://isc.sans.edu/diary.html?storyid=13963#comment
** http://www.malwaredomains.com/wordpress/?p=2829
August 14th, 2012
Also see: http://www.malwaredomainlist.com/mdl.php
Latest update: August 23, 2012 2:50 AM
- http://mirror2.malwaredomains.com/files/
Malware Domain Blocklist updated - 2012.08.27 ...
FYI...
DNS-BH Update – 104 new domains
- http://www.malwaredomains.com/wordpress/?p=2833
August 27th, 2012 - "Added 104 new domains from hosts-file.net, safebrowsing.clients.google.com, avgthreatlabs.com and others..."
Malware Domain Blocklist updated - 2012.08.28 ...
FYI...
Java 0-Day Domains, BH Exploit Kit Domains, other malicious domains
- http://www.malwaredomains.com/wordpress/?p=2837
August 28th, 2012 - "Added domains associated with the Java 0-day, Blackhole Exploit Kit, and other badness. Sources include labs.sucuri.net, blog.fireeye.com, spamhaus.org..."
Malware Domain Blocklist updated - 2012.09.03 ...
FYI...
Java 0-day, Black Hole Exploits, and other malicious domains...
- http://www.malwaredomains.com/wordpress/?p=2843
September 3rd, 2012 - "... Updates on August 29th and Sept 1st contained domains associated with the Java 0-day, Black Hole Exploits, and other malicious domains (another today @ 1:12 PM*)... Sources include safebrowsing.clients.google.com, scumware.org, blog.dynamoo.com and others..."
* http://mirror2.malwaredomains.com/files/
Malware Domain Blocklist updated - 2012.09.08 ...
FYI...
Java exploit domains, rogue antivirus, malspam domains...
- http://www.malwaredomains.com/wordpress/?p=2852
September 8th, 2012 - "Added 101 new domains associated with Java exploits, malicious spam, sutratds, fake antivirus, etc. Sources include emergingthreats.net, google.com/safebrowsing, blog.dynamoo.com..."
Malware Domain Blocklist updated - 2012.09.16 ...
FYI...
Several Sept Updates
- http://www.malwaredomains.com/wordpress/?p=2862
September 16th, 2012 - "... Recent updates added domains associated with the Java 0day, Black Hole Exploits, etc. All sources are listed in our domain.txt file*..."
* http://dns-bh.sagadc.org/domains.txt
Malware Domain Blocklist updated - 2012.09.23 ...
FYI...
Nitro, malspam, risky domains ...
- http://www.malwaredomains.com/wordpress/?p=2866
September 23rd, 2012 - "Added domains associated with Nitro, malspam, etc. Sources include safebrowsing.google.com, symantec.com, zeustracker.abuse.ch, blog.dynamoo.com, zataz.com, hosts-file.net..."
Blocklist delistings - correction 2012.09.25 ...
FYI...
Site delistings - Blocklist correction ...
- http://www.malwaredomains.com/wordpress/?p=2871
September 25th, 2012 - "artconcoction.com has been delisted and will be removed on the next update. There is also a (big) mistake in the zone file, don’t wait for an update on our end; please -remove- safebrowsing.clients.google.com* from your zone files ASAP."
* NOTE to AdBlock Plus users: Un-check it in the AdBlock Plus Filter Preference listing.
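The correction above, applied to a local copy of a blocklist, as an added example that is not part of the original post or of the DNS-BH project. The three line shapes it parses (BIND zone statement, hosts entry, bare domain), the file path and the sample entries are assumptions constructed for illustration; names are matched whole so that a blocked domain which merely contains the delisted name stays blocked.

```python
import re

# Names the post says to drop: one delisted site, one listed by mistake.
DELISTED = {"artconcoction.com", "safebrowsing.clients.google.com"}

# Assumed line shapes (not taken from the page).
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.IGNORECASE)
HOSTS_RE = re.compile(r'^\s*(?:\d{1,3}\.){3}\d{1,3}\s+(\S+)')
BARE_RE = re.compile(r'^\s*([A-Za-z0-9_.-]+)\s*(?:#.*)?$')

# Constructed sample, not real blocklist content.
SAMPLE = [
    '// constructed sample',
    'zone "safebrowsing.clients.google.com" {type master; file "/path/to/sinkhole.zone";};',
    'zone "Artconcoction.com." {type master; file "/path/to/sinkhole.zone";};',
    'zone "safebrowsing.clients.google.com.example.test" {type master; file "/path/to/sinkhole.zone";};',
    '127.0.0.1 safebrowsing.clients.google.com',
    'blocked.example.test',
]


def listed_domain(line):
    """Return the normalised domain a blocklist line names, or None."""
    if line.lstrip().startswith(("#", "//", ";")):
        return None  # comment line
    for pattern in (ZONE_RE, HOSTS_RE, BARE_RE):
        m = pattern.match(line)
        if m:
            # Ignore case and a trailing root dot when comparing names.
            return m.group(1).rstrip(".").lower()
    return None


def strip_delisted(lines, delisted=DELISTED):
    """Split lines into (kept, removed), matching whole names only."""
    names = {d.rstrip(".").lower() for d in delisted}
    kept, removed = [], []
    for line in lines:
        (removed if listed_domain(line) in names else kept).append(line)
    return kept, removed


if __name__ == "__main__":
    kept, removed = strip_delisted(SAMPLE)
    print("removed:", *removed, sep="\n  ")
    print("kept:", *kept, sep="\n  ")
```

Review the removed lines before reloading the resolver, so that a parsing mismatch does not silently drop real entries.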