
Thread: Malware Domain Blocklist updated...

  1. #31
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005 | Location: USA | Posts: 6,881

    More sites to block...

    FYI...

    More sites to block...
    - http://blog.dynamoo.com/2012/08/even...-block-on.html
    13 August 2012 - "More evil sites to block on 194.28.115.150 (Specialist ISP*) following on from these:
    idi42nga .rr.nu, kprud89entia .rr.nu, hin66gof .rr.nu, iste03dengi .rr.nu, hing30emplo .rr.nu,
    ize84dso .rr.nu, ind42icat .rr.nu, lack33andw .rr.nu"
    * http://blog.dynamoo.com/2012/08/yet-...-block-on.html
    10 August 2012 - "... blocking access to 91.211.200.0/22 and 194.28.112.0/22 (Specialist ISP) plus -all- .rr.nu domains would be even better."

    > http://blog.dynamoo.com/2012/08/scan...-pro-spam.html
    13 August 2012 - "... 46.51.218.71 (Amazon, Ireland)
    71.89.140.153 (Cloudaccess.net, US)
    203.80.16.81 (Myren, Malaysia)
    Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem..."

    Something evil on 178.63.195.128/26
    - http://blog.dynamoo.com/2012/08/some...319512826.html
    13 August 2012 - "The IP address range 178.63.195.128/26 nominally belongs to grey hat host Hetzner in Germany, although it has been reallocated to a registrant in Israel. This block recently came up as the source for a ZeroAccess infection picked up from 178.63.195.170. A look at the 178.63.195.128/26 range (178.63.195.128 - 178.63.195.191) shows several suspicious websites with domains apparently generated by DoItQuick (more info here*). Most of the domains are too new to have any reputation, although given the live distribution of malware and the randomly chosen names then they are unlikely to be doing anything nice... quite a lot of suspect sites have recently been moved from this range to point at 127.0.0.1 instead, a common trick when malicious domains need to be pointed somewhere else quickly.
    The registrant for this block is:
    inetnum: 178.63.195.128 - 178.63.195.191
    address: RUSSIAN FEDERATION
    178.63.195.163...
    178.63.195.167...
    178.63.195.168...
    178.63.195.170...
    178.63.195.171..."
    * https://krebsonsecurity.com/2012/07/...r-black-deeds/

    Last edited by AplusWebMaster; 2012-08-15 at 18:37.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
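A defensive check built from the ranges quoted in the post above, as an added example that is not part of the original post or the quoted blogs: it scans an outbound log for destinations inside the named networks, under the wildcard `.rr.nu` domain, or re-pointed at 127.0.0.1. The log layout, the `example.*` hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Ranges and the wildcard domain named in the quoted posts above.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "91.211.200.0/22", "194.28.112.0/22", "178.63.195.128/26")]
BLOCKED_SUFFIX = "rr.nu"

# Constructed log: timestamp, client, destination host, resolved address.
SAMPLE_LOG = """\
2012-08-13T09:14:02 10.0.0.21 example.rr.nu 194.28.115.150
2012-08-13T09:14:40 10.0.0.21 www.example.org 192.0.2.10
2012-08-13T09:15:11 10.0.0.35 cdn.example.net 178.63.195.170
2012-08-13T09:16:30 10.0.0.35 parked.example.com 127.0.0.1
2012-08-13T09:17:05 10.0.0.40 err.nu 198.51.100.7
2012-08-13T09:17:59 10.0.0.40 files.example.net 178.63.195.192
"""

def match_rule(host, ip):
    """Return the name of the rule a destination matches, or None."""
    name = host.lower().rstrip(".")
    # Match on a label boundary so "err.nu" is not mistaken for "*.rr.nu".
    if name == BLOCKED_SUFFIX or name.endswith("." + BLOCKED_SUFFIX):
        return "domain:*." + BLOCKED_SUFFIX
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # malformed or missing address field
    for net in BLOCKED_NETS:
        if addr in net:
            return "net:" + str(net)
    if addr.is_loopback and name != "localhost":
        return "parked:loopback"  # public name re-pointed at 127.0.0.1
    return None

def scan(log_text):
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            rule = match_rule(fields[2], fields[3])
            if rule:
                hits.append((fields[1], fields[2], fields[3], rule))
    return hits

def range_bounds(cidr):
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

`range_bounds` confirms that the /26 covers exactly the span the quoted post gives, so the last sample line (one address past the range) is correctly left alone.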

  2. #32
    AplusWebMaster

    IPs to block - 2012.08.14 ...

    FYI...

    "Federal Tax" spam...
    - http://blog.dynamoo.com/2012/08/fede...egleeinfo.html
    14 August 2012 - "... tax-themed spam leads to malware...

    Date: Tue, 14 Aug 2012 15:21:33 +0200
    From: "Internal Revenue Service" [alerts@irs.gov]
    Subject: Rejected Federal Tax transfer
    Your Tax payment (ID: 38969777924999), recently sent from your checking account was returned by the The Electronic Federal Tax Payment System.
    Rejected Tax transaction
    Tax Transaction ID: 38969777924999
    Return Reason See details in the report below
    Tax Transaction Report tax_report_38969777924999.doc (Microsoft Word Document)
    ...

    ... malicious payload... hosted on 78.87.123.114 (CYTA, Greece) which has been seen several times lately and should be blocked if you can."
    ___

    "We can not charge your credit card" spam...
    - http://blog.dynamoo.com/2012/08/we-c...card-spam.html
    14 August 2012 - "... spam pretends to be from Amazon. Or UPS. Or perhaps both. Anyway, it leads to malware...

    Date: Tue, 14 Aug 2012 05:26:05 +0200
    From: "ups" [mail@ups.com]
    Subject: We can not charge your credit card
    Attachments: Amazon_Invoice.htm
    Your Account | Help
    Your credit card was blocked.
    We tried to withdraw money from your credit card, but your bank decline it. In the attachment you will be found a invoice from your last order. Please pay this invoice as soon as possible...


    The attachment Amazon_Invoice.htm is malicious and it attempts to download a malicious script... hosted on the following IPs (which have all been used for malware distribution several times):
    190.120.228.92
    199.71.212.78
    203.80.16.81
    ..."

    Last edited by AplusWebMaster; 2012-08-14 at 17:57.

  3. #33
    AplusWebMaster

    Malware Domain Blocklist updated - 2012.08.23 ...

    FYI...

    Outgoing network traffic & Malicious Activity
    - http://www.malwaredomains.com/wordpress/?p=2831
    August 23rd, 2012 - "SANS* has a nice write-up about analyzing outgoing network traffic to identify malicious activity. They list a bunch of IP blocklists and IP reputation sources.
    (We’ve also had two updates since the last post**, busy at $Jobs...)"

    * https://isc.sans.edu/diary.html?storyid=13963#comment

    ** http://www.malwaredomains.com/wordpress/?p=2829
    August 14th, 2012

    Also see: http://www.malwaredomainlist.com/mdl.php

    Latest update: August 23, 2012 2:50 AM
    - http://mirror2.malwaredomains.com/files/


  4. #34
    AplusWebMaster

    Malware Domain Blocklist updated - 2012.08.27 ...

    FYI...

    DNS-BH Update – 104 new domains
    - http://www.malwaredomains.com/wordpress/?p=2833
    August 27th, 2012 - "Added 104 new domains from hosts-file.net, safebrowsing.clients.google.com, avgthreatlabs.com and others..."


  5. #35
    AplusWebMaster

    Malware Domain Blocklist updated - 2012.08.28 ...

    FYI...

    Java 0-Day Domains, BH Exploit Kit Domains, other malicious domains
    - http://www.malwaredomains.com/wordpress/?p=2837
    August 28th, 2012 - "Added domains associated with the Java 0-day, Blackhole Exploit Kit, and other badness. Sources include labs.sucuri.net, blog.fireeye.com, spamhaus.org..."


  6. #36
    AplusWebMaster

    Malware Domain Blocklist updated - 2012.09.03 ...

    FYI...

    Java 0-day, Black Hole Exploits, and other malicious domains...
    - http://www.malwaredomains.com/wordpress/?p=2843
    September 3rd, 2012 - "... Updates on August 29th and Sept 1st contained domains associated with the Java 0-day, Black Hole Exploits, and other malicious domains (another today @ 1:12 PM*)... Sources include safebrowsing.clients.google.com, scumware.org, blog.dynamoo.com and others..."
    * http://mirror2.malwaredomains.com/files/


  7. #37
    AplusWebMaster

    Malware Domain Blocklist updated - 2012.09.08 ...

    FYI...

    Java exploit domains, rogue antivirus, malspam domains...
    - http://www.malwaredomains.com/wordpress/?p=2852
    September 8th, 2012 - "Added 101 new domains associated with Java exploits, malicious spam, sutratds, fake antivirus, etc. Sources include emergingthreats.net, google.com/safebrowsing, blog.dynamoo.com..."


  8. #38
    AplusWebMaster

    Malware Domain Blocklist updated - 2012.09.16 ..

    FYI...

    Several Sept Updates
    - http://www.malwaredomains.com/wordpress/?p=2862
    September 16th, 2012 - "... Recent updates added domains associated with the Java 0day, Black Hole Exploits, etc. All sources are listed in our domain.txt file*..."
    * http://dns-bh.sagadc.org/domains.txt


  9. #39
    AplusWebMaster

    Malware Domain Blocklist updated - 2012.09.23 ...

    FYI...

    Nitro, malspam, risky domains ...
    - http://www.malwaredomains.com/wordpress/?p=2866
    September 23rd, 2012 - "Added domains associated with Nitro, malspam, etc. Sources include safebrowsing.google.com, symantec.com, zeustracker.abuse.ch, blog.dynamoo.com, zataz.com, hosts-file.net..."


  10. #40
    AplusWebMaster

    Blocklist delistings - correction 2012.09.25 ...

    FYI...

    Site delistings - Blocklist correction ...
    - http://www.malwaredomains.com/wordpress/?p=2871
    September 25th, 2012 - "artconcoction.com has been delisted and will be removed on the next update. There is also a (big) mistake in the zone file, don’t wait for an update on our end; please -remove- safebrowsing.clients.google.com* from your zone files ASAP."

    * NOTE to AdBlock Plus users: Un-check it in the AdBlock Plus Filter Preference listing.

    Last edited by AplusWebMaster; 2012-09-26 at 01:54.
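The correction in the post above is the kind of error a pre-load check catches. As an added example (not part of the original post or the blocklist project's tooling), this lint drops any zone entry that would shadow a protected name, including a parent zone of that name, and any delisted domain. The BIND-style `zone "..."` line shape, the file path, the parent-zone sample entry and all function names are assumptions made for illustration.

```python
import re

# Assumed entry shape: one BIND-style zone statement per line.
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"\s*\{')
PROTECTED = ("safebrowsing.clients.google.com",)  # must never be sinkholed
DELISTED = ("artconcoction.com",)                 # delisted upstream
TAIL = ' {type master; file "/etc/namedb/sinkhole.hosts";};'  # constructed path

# Constructed sample; only the two names from the post are real entries.
SAMPLE_ZONES = "\n".join([
    "// constructed sample blocklist",
    'zone "bad-domain.example"' + TAIL,
    'zone "safebrowsing.clients.google.com"' + TAIL,
    'zone "artconcoction.com"' + TAIL,
    'zone "Clients.Google.com."' + TAIL,
    'zone "other-bad.example"' + TAIL,
])

def normalise(name):
    return name.strip().lower().rstrip(".")

def shadows(zone, protected):
    """A local master zone answers for its own name and every name below it."""
    return protected == zone or protected.endswith("." + zone)

def lint(zone_text, protected=PROTECTED, delisted=DELISTED):
    """Return (kept_lines, rejected), where rejected is [(zone, reason)]."""
    kept, rejected = [], []
    for line in zone_text.splitlines():
        m = ZONE_RE.match(line)
        if not m:
            kept.append(line)  # comments and blank lines pass through
            continue
        zone = normalise(m.group(1))
        hit = next((p for p in protected if shadows(zone, p)), None)
        if hit:
            rejected.append((zone, "shadows " + hit))
        elif zone in delisted:
            rejected.append((zone, "delisted"))
        else:
            kept.append(line)
    return kept, rejected

if __name__ == "__main__":
    kept, rejected = lint(SAMPLE_ZONES)
    for zone, reason in rejected:
        print("REJECT", zone, "-", reason)
```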
