-
Malware Domain Blocklist updated - 2012.09.26 ...
FYI...
malvertising, Black Hole Exploit Kit domains
- http://www.malwaredomains.com/wordpress/?p=2873
September 26th, 2012 - "Added a bunch of domains associated with exploit kits, malvertising, and other badness. Sources include binrand.com, mwis.ru, vxvault.siri-urz.net..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.09.28 ...
FYI...
140 exploit, driveby, malicious domains
- http://www.malwaredomains.com/wordpress/?p=2876
September 28th, 2012 - "Added 140 domains associated with drivebys, exploits, etc. Sources include wepawet.iseclab.org, urlvoid.com, sucuri.net, and others..."
:fear:
-
Malware Domain Blocklist updated - 2012.10.02 ...
FYI...
250+ Domains...
- http://www.malwaredomains.com/wordpress/?p=2880
October 2nd, 2012 - "Added over 250 domains — iframes, malicious spam, attack sites, etc. Sources: blog.dynamoo.com, safebrowsing.clients.google.com, blog.sucuri.net. etc..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.10.05 ...
FYI...
Sinowal, Sirefef, redkit domains, blackhole, downadup domains
- http://www.malwaredomains.com/wordpress/?p=2885
October 5th, 2012 - "Added 151 domains associated with down adup, blackhole exploits, red kit, sinowal, etc. Sources include threatexpert.com, mwis.ru, safebrowsing.clients.google.com..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.10.08 ...
FYI...
downadup, iframes, torpig malicious spam domains added
- http://www.malwaredomains.com/wordpress/?p=2889
October 8th, 2012 - "Added 167 domains associated with iframe injection, malspam, torpig, DownAdUp, etc. Sources include threatexpert.com, labs.sucuri.net, blog.dynamoo.com..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.10.12 ...
FYI...
work-at-home scam, kuluoz, trojan domains
- http://www.malwaredomains.com/wordpress/?p=2895
October 12th, 2012 - "A bunch of work-at-home, fraud, scam domains added in addition to the usual black hole exploit kit, trojan, and other malicious domains. Sources include malwareurl.com, emergingthreats.net, malwaredomainlist.com..."
:fear:
-
Malware Domain Blocklist updated - 2012.11.03 ...
FYI...
176 new domains added
- http://www.malwaredomains.com/wordpress/?p=2905
November 3rd, 2012 - "... Added 176 new domains associated with malspam, malicious redirections, exploits, etc. Sources include hosts-file.net, safebrowsing.clients.google.com, blog.dynamoo.com..."
:fear:
-
Malware Domain Blocklist updated - 2012.11.06 ...
FYI...
Big Update – 286 Domains
- http://www.malwaredomains.com/wordpress/?p=2909
November 6th, 2012 - "Added 286 domains from zeustracker.abuse.ch, urlvoid.com, dshield.org, safebrowisng.clients.google.com..."
:fear: :fear:
-
Malware Domain Blocklist updated - 2012.11.10 ...
FYI...
113 new domains added
- http://www.malwaredomains.com/wordpress/?p=2914
November 10th, 2012 - "Added 113 new domains (onescan,malspam, pharma) listed at blog.dynamoo.com, dshield.org, support.clean-mx.com and others..."
:fear:
-
Malware Domain Blocklist updated - 2012.11.12 ...
FYI...
156 New Rogue, Unsafe, Suspicious Domains
- http://www.malwaredomains.com/wordpress/?p=2919
November 12th, 2012 - "Added 156 new domains from dshield.org, hosts-file.net, urlvoid.com and other sources..."
:fear:
-
Malware Domain Blocklist updated - 2012.11.17 ...
FYI...
127 New Malicious Domains
- http://www.malwaredomains.com/wordpress/?p=2921
November 17th, 2012 - "Added 127 new malicious domains from wepawet.iseclab.org, dshield.org, vxvault.siri-urz.net and others..."
:fear:
-
Malware Domain Blocklist updated - 2012.11.20 ...
FYI...
Big Update: 211 Serenity Exploit Kit, Malspam, Malicious Domains
- http://www.malwaredomains.com/wordpress/?p=2925
November 20th, 2012 - "Added 211 domains associated with Serenity Exploit Kit, malicious spam,etc from dshield.org, blog.dynamoo.com, malwaremustdie.blogspot.com..."
21,000 (!) JS/RunForestRun/PseudoRandom Domains
- http://www.malwaredomains.com/wordpress/?p=2929
November 21st, 2012 - "The algorithm for creating Pseudo Random RunForestRun domains has been published by malwarereports.blogspot.com . Full list of domains (21000!) is located here*."
* http://pastebin.com/k3k7ibvJ
:fear::fear:
-
Malware Domain Blocklist updated - 2012.11.22 ...
FYI...
DNS-BH - Malware Domain Blocklist
Another big update: 207 domains
- 1 day ago
> received from RSS feed
"207 domains added (iframes, htaccess redirections and other harmful domains) from malwaremustdie.blogspot.com, dshield.org, labs.sucuri.net, etc..."
(Cannot access site - "under constant attack" [DDoS] ...)
Mirror site still available for updates dtd. Nov 22, 2012...
:mad::fear:
-
Malware Domain Blocklist updated - 2012.11.25 ...
FYI...
Nov 25 Update: 233 New Domains
> received from RSS feed
"Added 223 suspicious, harmful domains originally referenced in malwaredomainlist.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."
(Cannot access site - "under constant attack" [DDoS] ...)
"The server at malwaredomains.com is taking too long to respond."
Mirror site still available for updates dtd. Nov 25, 2012...
:fear::fear:
-
Malware Domain Blocklist updated - 2012.11.27 ...
FYI...
Another large update – 187 domains
- http://www.malwaredomains.com/?p=2941
November 28th, 2012 - "Add -187- exploit kit, malicious, koobface domains originally listed on ddanchev.blogspot.com, avgthreatlabs.com, dshield.org and other sources..."
:fear:
-
Malware Domain Blocklist updated - 2012.12.01 ...
FYI...
exploit special – over 240 domains added
- http://www.malwaredomains.com/?p=2945
December 2nd, 2012 - "Added over 240 domains flagged as coolexploitkit, Nuclearexploitkit, bhexploitkit along with the usual array of malicious domains originally listed at mwis.ru, kahusecurity.com, malwaredomainlist.com..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.12.05 ...
FYI...
malspam, zeus, iceix domains
- http://www.malwaredomains.com/?p=2949
December 5th, 2012 - "Added -116- domains associated with malspam. zeus, iceix, etc. Sources: malwaredomainlist.com, blog.dynamoo.com, vxvault.siri-urz.net and others..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.12.09 ...
FYI...
Over 320 Domains Added
- http://www.malwaredomains.com/?p=2952
December 9th, 2012 - "Added over -320- Domains. Please update your blocklists..."
Joomla (and WordPress) Bulk Exploit ongoing
- http://www.malwaredomains.com/?p=2955
December 10th, 2012 - "Sans reports* that there is an ongoing bulk Joomla and WordPress exploit, complete with iframes pointing to Fake AV. If anyone has seen a published list of the FQDN’s involved in this, please let us know so we can add those domains here."
* https://isc.sans.edu/diary.html?storyid=14677
Last Updated: 2012-12-10 23:17:33 UTC - "... reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. We'll get to the downloaded in a second, but the interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. We'd like PCAPs or weblogs if you're seeing something similar in your environment. Right now it seems the biggest pain is around Joomla users, particularly with extensions which greatly increase the vulnerability footprint and the one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website). The IFRAMES seem to have rapidly changing FQDN's* that it is using but the common element is /nightend.cgi?8. Two of the bad IPs that seem to be frequent offenders are 78.157.192.72 and 108.174.52.38. Ultimately it pulls FakeAV software to do it's badness. Mediation is your typical advice, make sure all your software is up-to-date and kept that way on a regular basis. If you have weblogs (particularly verbose ones), I would be interested in seeing them..."
* Fully Qualified Domain Name
Joomla sites misused to deploy malware
- http://h-online.com/-1766841
12 Dec 2012 - "... Joomla site administrators should be sure to check whether they installed the Joomla Content Editor at some point in the past; if they have, they should update it to the current version JCE 2.3.1*. Those who have found an old version should also check any JavaScript files for suspicious iFrames. A quick overview is available via the
find . -print0 -name \*.js | xargs -0 grep -i iframe
command line instruction. This instruction doesn't cover variants in which the iFrame tag is assembled at a later stage via script code, but none of the infected sites that are known to heise Security include such variants. The injected PHP backdoor can often be found at /images/stories/story.php."
* http://www.joomlacontenteditor.net/n...e-231-released
:fear: :mad:
-
Malware Domain Blocklist updated - 2012.12.11 ...
FYI...
142 malspam, iframe, joomla exploit, malicious domains
- http://www.malwaredomains.com/?p=2963
December 11th, 2012 - "Added -142- domains associated with malspam, iframe/joomla exploit. Sources include safebrowsing.clients.google.com, blog.dynamoo.com, labs.sucuri.net..."
:fear:
-
Malware Domain Blocklist updated - 2012.12.13 ...
FYI...
247 kelihos, runforestrun domains
- http://www.malwaredomains.com/?p=2972
December 14th, 2012 - "247 domains (kelihos, runforestrun and others) were added. Sources include abuse.ch, malwaremustdie.blogspot.com..."
___
citadel, zeus, harmful domains
- http://www.malwaredomains.com/?p=2979
December 16th, 2012 - "Added -189- domains associated with citadel, zeus and other badness. Sources include zeustracker.abuse.ch, spamhaus.org, malwaredomainlist.com, safeweb.norton.com..."
:fear:
-
Malware Domain Blocklist updated - 2012.12.21 ...
FYI...
Lots of Malspam Domains
- http://www.malwaredomains.com/?p=2982
December 21st, 2012 - "Added over 150 domains, mainly malicious spam domains from blog.dynamoo.com..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.12.24 ...
FYI...
Large Update – almost 300 domains
- http://www.malwaredomains.com/?p=2986
December 23rd, 2012 - "Added almost -300- domains associated with malicious spam, harmful “safebrowsing” domains, iframes and redirections. Sources include safebrowsing.clients.google.com, labs.sucuri.net, blog.dynamoo.com..."
:fear::fear:
-
Malware Domain Blocklist updated - 2012.12.26 ...
FYI...
Huge Update – almost 1000 domains (!)
- http://www.malwaredomains.com/?p=2992
December 26th, 2012 - "Added almost 1000 malicious spam domains from dynamoo’s blog*..."
* http://blog.dynamoo.com/
:fear::fear::fear:
-
Malware Domain Blocklist updated - 2012.12.29 ...
FYI...
bhexploitkit, scam, bredolab, malicious iframes
- http://www.malwaredomains.com/?p=2995
December 29th, 2012 - "Added over -230- domains associated with bredolab, blackhole exploit kit, coolexploitkit, nuclearexploitkit, etc. Sources include mwis.ru, safebrowsing.clients.google.com, urlquery.net..."
:fear::fear:
-
Malware Domain Blocklist updated - 2013.01.02 ...
FYI...
Lots of malspam and other harmful domains
- http://www.malwaredomains.com/?p=3009
January 2nd, 2013 - "Added 318 domains, mainly from dynamoo.com and safebrowsing.clients.google.com..."
:fear:
-
Malware Domain Blocklist updated - 2013.01.05 ...
FYI...
Lots of malspam domains
- http://www.malwaredomains.com/?p=3012
January 5th, 2013 - "Added over -120- domains, mainly malicious spam listed blog.dynamoo.com and other harmful domains listed at vxvault.siri-urz.net and other reputable web sites..."
:fear::fear:
-
Malware Domain Blocklist updated - 2013.01.08 ...
FYI...
iframes, redirections, other harmful domains
- http://www.malwaredomains.com/?p=3017
January 8th, 2013 - "Added 185 domains associated with iframes, htaccess redirects, etc..."
:fear:
-
Malware Domain Blocklist updated - 2013.01.10 ...
FYI...
TinyBanker, moneymule, exploit domains
- http://www.malwaredomains.com/?p=3021
January 10th, 2013 - "Added over -200- malicious domains (exploit, moneymule, tiny banker, etc) originally listed at ddanchev.blogspot.com, virustracker.info, hosts-file.net, and others..."
:fear::fear:
-
Malware Domain Blocklist updated - 2013.01.12 ...
FYI...
bamital, zeroaccess, malspam domains
- http://www.malwaredomains.com/?p=3025
January 12th, 2013 - "Added -440- domains associated with zeroaccess, bamital and malicious spam from virustracker.info and blog.dynamoo.com..."
:fear::fear:
-
Malware Domain Blocklist updated - 2013.01.15 ...
FYI...
Over 360 domains added
- http://www.malwaredomains.com/?p=3028
January 15th, 2013 - "Over 360 domains added, mainly multibanker and domains flagged by google safebrowsing..."
:fear::fear:
-
Malware Domain Blocklist updated - 2013.01.17 ...
FYI...
gameover zeus domains
- http://www.malwaredomains.com/?p=3032
January 17th, 2013 - "Added -275- domains, mainly zeus_gameover domains from virustracker.info..."
:fear::fear:
-
Malware Domain Blocklist updated - 2013.01.25 ...
FYI...
Three Updates – January 18, 20 & 25th…
- http://www.malwaredomains.com/?p=3036
January 26th, 2013 - "Been late on updating this blog. The update on January 18 was -239- domains. January 20th’s update was -233- domains, and the update on January 25th was of -269- domains..."
:fear::fear: :sad:
-
Malware Domain Blocklist updated - 2013.02.03 ...
FYI...
iframes, malspam, zbot, g01pack, malvertising domains
- http://www.malwaredomains.com/?p=3051
February 3rd, 2013 - "Added 150+ domains associated with g01pack, malvertising, zbot, spyeye, malspam, etc. Sources include blog.dynamoo.com, urlquery.net, scumware.org and others..."
:fear:
-
Malware Domain Blocklist updated - 2013.02.04 ...
FYI...
116 suspicious, malicious domains
- http://www.malwaredomains.com/?p=3058
February 4th, 2013 - "Added 116 domains from blog.dynamoo.com, dshield.org, vxvault.siri-urz.net and others..."
:fear:
-
Malware Domain Blocklist updated - 2013.02.12 ...
FYI...
Feb 6, 8, 10 updates
- http://www.malwaredomains.com/?p=3064
February 12th, 2013 - "Feb 6 – 171 new domains added, Feb 8 – 146 new domains added, Feb 10 – 202 new domains added..."
:fear::fear::fear:
-
Malware Domain Blocklist updated - 2013.02.13 ...
FYI...
225 Malspam Domains
- http://www.malwaredomains.com/?p=3069
February 13th, 2013 - "Added 225 malicious spam domains from Dynamoo’s awesome blog ( http://blog.dynamoo.com/ )..."
:fear:
-
Malware Domain Blocklist updated - 2013.02.16 ...
FYI...
175 new domains
- http://www.malwaredomains.com/?p=3073
February 16th, 2013 - "Added 175 new domains from blog.dynamoo.com, riskanalytics.com, and safebrowsing.clients.google.com..."
:fear:
-
Malware Domain Blocklist updated - 2013.02.19 ...
FYI...
CritXPack, zeus, expiro domains
- http://www.malwaredomains.com/?p=3079
February 19th, 2013 - "Added 190+ domains associated with zeus/gameover, expiro_z, CritXPack and other badness. Sources include virustracker.info, hosts-file.net, blog.dynamoo.com and others..."
:fear:
-
Malware Domain Blocklist updated - 2013.02.22 ...
FYI...
Malicious iframe domains
- http://www.malwaredomains.com/?p=3087
February 22nd, 2013 - "... two important updates –363- domains added on 2/20 and another -220- added on 2/21 (lots of the malicious iframe domains)..."
:fear::fear:
-
Malware Domain Blocklist updated - 2013.02.26 ...
FYI...
146 domains added
- http://www.malwaredomains.com/?p=3094
February 26th, 2013 - "Added 146 domains from malwarepatrol.net, malwareurls.joxeankoret.com, virustracker.info and other sources..."
:fear::fear: