Page 6 of 31 FirstFirst ... 234567891016 ... LastLast
Results 51 to 60 of 302

Thread: Malware Domain Blocklist updated...

  1. #51
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.11.17 ...

    FYI...

    127 New Malicious Domains
    - http://www.malwaredomains.com/wordpress/?p=2921
    November 17th, 2012 - "Added 127 new malicious domains from wepawet.iseclab.org, dshield.org, vxvault.siri-urz.net and others..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #52
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.11.20 ...

    FYI...

    Big Update: 211 Serenity Exploit Kit, Malspam, Malicious Domains
    - http://www.malwaredomains.com/wordpress/?p=2925
    November 20th, 2012 - "Added 211 domains associated with Serenity Exploit Kit, malicious spam,etc from dshield.org, blog.dynamoo.com, malwaremustdie.blogspot.com..."

    21,000 (!) JS/RunForestRun/PseudoRandom Domains
    - http://www.malwaredomains.com/wordpress/?p=2929
    November 21st, 2012 - "The algorithm for creating Pseudo Random RunForestRun domains has been published by malwarereports.blogspot.com . Full list of domains (21000!) is located here*."
    * http://pastebin.com/k3k7ibvJ

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #53
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.11.22 ...

    FYI...

    DNS-BH - Malware Domain Blocklist
    Another big update: 207 domains
    - 1 day ago
    > received from RSS feed
    "207 domains added (iframes, htaccess redirections and other harmful domains) from malwaremustdie.blogspot.com, dshield.org, labs.sucuri.net, etc..."
    (Cannot access site - "under constant attack" [DDoS] ...)
    Mirror site still available for updates dtd. Nov 22, 2012...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #54
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.11.25 ...

    FYI...

    Nov 25 Update: 233 New Domains
    > received from RSS feed
    "Added 223 suspicious, harmful domains originally referenced in malwaredomainlist.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."
    (Cannot access site - "under constant attack" [DDoS] ...)
    "The server at malwaredomains.com is taking too long to respond."
    Mirror site still available for updates dtd. Nov 25, 2012...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #55
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.11.27 ...

    FYI...

    Another large update – 187 domains
    - http://www.malwaredomains.com/?p=2941
    November 28th, 2012 - "Add -187- exploit kit, malicious, koobface domains originally listed on ddanchev.blogspot.com, avgthreatlabs.com, dshield.org and other sources..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #56
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.12.01 ...

    FYI...

    exploit special – over 240 domains added
    - http://www.malwaredomains.com/?p=2945
    December 2nd, 2012 - "Added over 240 domains flagged as coolexploitkit, Nuclearexploitkit, bhexploitkit along with the usual array of malicious domains originally listed at mwis.ru, kahusecurity.com, malwaredomainlist.com..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #57
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.12.05 ...

    FYI...

    malspam, zeus, iceix domains
    - http://www.malwaredomains.com/?p=2949
    December 5th, 2012 - "Added -116- domains associated with malspam. zeus, iceix, etc. Sources: malwaredomainlist.com, blog.dynamoo.com, vxvault.siri-urz.net and others..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #58
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.12.09 ...

    FYI...

    Over 320 Domains Added
    - http://www.malwaredomains.com/?p=2952
    December 9th, 2012 - "Added over -320- Domains. Please update your blocklists..."

    Joomla (and WordPress) Bulk Exploit ongoing
    - http://www.malwaredomains.com/?p=2955
    December 10th, 2012 - "Sans reports* that there is an ongoing bulk Joomla and WordPress exploit, complete with iframes pointing to Fake AV. If anyone has seen a published list of the FQDN’s involved in this, please let us know so we can add those domains here."
    * https://isc.sans.edu/diary.html?storyid=14677
    Last Updated: 2012-12-10 23:17:33 UTC - "... reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. We'll get to the downloaded in a second, but the interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. We'd like PCAPs or weblogs if you're seeing something similar in your environment. Right now it seems the biggest pain is around Joomla users, particularly with extensions which greatly increase the vulnerability footprint and the one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website). The IFRAMES seem to have rapidly changing FQDN's* that it is using but the common element is /nightend.cgi?8. Two of the bad IPs that seem to be frequent offenders are 78.157.192.72 and 108.174.52.38. Ultimately it pulls FakeAV software to do it's badness. Mediation is your typical advice, make sure all your software is up-to-date and kept that way on a regular basis. If you have weblogs (particularly verbose ones), I would be interested in seeing them..."
    * Fully Qualified Domain Name

    Joomla sites misused to deploy malware
    - http://h-online.com/-1766841
    12 Dec 2012 - "... Joomla site administrators should be sure to check whether they installed the Joomla Content Editor at some point in the past; if they have, they should update it to the current version JCE 2.3.1*. Those who have found an old version should also check any JavaScript files for suspicious iFrames. A quick overview is available via the
    find . -print0 -name \*.js | xargs -0 grep -i iframe
    command line instruction. This instruction doesn't cover variants in which the iFrame tag is assembled at a later stage via script code, but none of the infected sites that are known to heise Security include such variants. The injected PHP backdoor can often be found at /images/stories/story.php."
    * http://www.joomlacontenteditor.net/n...e-231-released

    Last edited by AplusWebMaster; 2012-12-12 at 14:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #59
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.12.11 ...

    FYI...

    142 malspam, iframe, joomla exploit, malicious domains
    - http://www.malwaredomains.com/?p=2963
    December 11th, 2012 - "Added -142- domains associated with malspam, iframe/joomla exploit. Sources include safebrowsing.clients.google.com, blog.dynamoo.com, labs.sucuri.net..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #60
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malware Domain Blocklist updated - 2012.12.13 ...

    FYI...

    247 kelihos, runforestrun domains
    - http://www.malwaredomains.com/?p=2972
    December 14th, 2012 - "247 domains (kelihos, runforestrun and others) were added. Sources include abuse.ch, malwaremustdie.blogspot.com..."
    ___

    citadel, zeus, harmful domains
    - http://www.malwaredomains.com/?p=2979
    December 16th, 2012 - "Added -189- domains associated with citadel, zeus and other badness. Sources include zeustracker.abuse.ch, spamhaus.org, malwaredomainlist.com, safeweb.norton.com..."

    Last edited by AplusWebMaster; 2012-12-21 at 15:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •