Malware Domain Blocklist updated...

AplusWebMaster

AplusWebMaster

New member
Advisor Team
FYI...

DNS-BH – Malware Domain Blocklist
- http://www.malwaredomains.com/

- http://www.malwaredomains.com/wordpress/?page_id=2
"The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.

This list is also available in AdBlock and ISA Format..."

To install the AdblockPlus extension in Firefox, click here:
- https://addons.mozilla.org/en-US/firefox/addon/1865

- http://www.youtube.com/watch?v=oNvb2SjVjjI

Blocking malicious sites with Adblock Plus
- http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus
"... another layer of protection..."
Scroll down to: "... click here to subscribe to the list in Adblock Plus..." and click on the link - click OK to the popup for "Add subscription" - done.

:fear:
 
Last edited:
Malware Domain Blocklist updated - 2012.04.18

FYI...

hostexploit.com top bad hosts – 2012 Q1
- http://www.malwaredomains.com/wordpress/?p=2612
April 18th, 2012 - "We added our 'friends' nikjju . com and best-antiviruu.de .lv and also listed domains from ISP’s or hosting services listed on hostexploit.com‘s Q1 report on the top bad hosts*. To round things out, we also added domains flagged by sucuri as having malicious javascript or iframes..."
* http://hostexploit.com/
___

Top 3 AS listed at Hostexploit:

Diagnostic page for AS16138 (INTERIA.PL)
- http://google.com/safebrowsing/diagnostic?site=AS:16138
"... 1580 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2012-04-19, and the last time suspicious content was found was on 2012-04-19... Over the past 90 days, we found 21 site(s) on this network.. that appeared to function as intermediaries for the infection of 25 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 22 site(s), including... that infected 28 other site(s)..."
> http://sitevet.com/db/asn/AS16138

Diagnostic page for AS47583 (HOSTING)
- http://google.com/safebrowsing/diagnostic?site=AS:47583
"... 1303 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2012-04-19, and the last time suspicious content was found was on 2012-04-18... Over the past 90 days, we found 110 site(s) on this network... that appeared to function as intermediaries for the infection of 934 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 151 site(s)... that infected 1164 other site(s)..."
> http://sitevet.com/db/asn/AS47583

Diagnostic page for AS33182 (DIMENOC)
- http://google.com/safebrowsing/diagnostic?site=AS:33182
"... 1966 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2012-04-19, and the last time suspicious content was found was on 2012-04-19... Over the past 90 days, we found 44 site(s)... that appeared to function as intermediaries for the infection of 65 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 87 site(s)... that infected 160 other site(s)..."
> http://sitevet.com/db/asn/AS33182

:fear::fear:
 
Last edited:
Malware Domain Blocklist updated - 2012.04.29

FYI...

malvertising, malicious js, bugat domains
- http://www.malwaredomains.com/wordpress/?p=2653
April 29th, 2012 - "Added 137 domains associated with google safebrowsing, malvertising, malicious javascript, etc. Sources include exposure.iseclab.org, safebrowsing.clients.google.com, stopmalvertising.com and others..."

:fear::fear:
 
Malware Domain Blocklist updated - 2012.05.04

FYI...

bhexploitkit, htaccess, iframes, trojans...
- http://www.malwaredomains.com/wordpress/?p=2660
May 4th, 2012 - "Added 110 domains associated with htaccess redirects, malicious iframes, trojans, etc. sources include malwaredomainlist.com, safebrowsing.clients.google.com, jsunpack.jeek.org..."

:fear::fear:
 
Malware Domain Blocklist updated - 2012.05.22

FYI...

htaccess redirects, malicious javascript, trojans
- http://www.malwaredomains.com/wordpress/?p=2684
May 22nd, 2012 - "Added 137 domains associated with htaccess redirects, malvertising, iframes, trojans, etc. Sources: exposure.iseclab.org, threatexpert.com, zeustracker, sucuri.net, and others..."

:fear::fear:
 
Malware Domain Blocklist updated - 2012.06.01 ...

FYI...

Flamer, htaccess, botnet, malspam domains...
- http://www.malwaredomains.com/wordpress/?p=2705
June 1st, 2012 - "Added over 140 malicious domains associated with flamer, htaccess redirects, malspam etc. Sources include spamhaus.org, malwareurl.com, malware-control.com and many others..."

:fear::fear:
 
Malware Domain Blocklist updated - 2012.06.04 ...

FYI...

BH Exploit, citadel, malspam, Tinba domains...
- http://www.malwaredomains.com/wordpress/?p=2714
June 4th, 2012 - "Added over 140 domains associated with Tinba, pornmocup, back hold exploits, etc. Sources include exposure.iseclab.org, c-apture.blogspot.com, hosts-file.net, malware-control.com and others..."

:fear::fear:
 
Malware Domain Blocklist updated - 2012.06.13 ...

FYI...

malvertising, malicious javascript, trojans...
- http://www.malwaredomains.com/wordpress/?p=2732
June 13th, 2012 - "Added over 140 domains associated with trojans, sql injection, malvertising, etc. Sources include xylibox.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."

:fear::fear:
 
Malware Domain Blocklist updated - 2012.06.25 ...

FYI...

runforestrun, iceix, rogues, malvertising, malspam domains...
- http://www.malwaredomains.com/wordpress/?p=2749
June 25th, 2012 - "Two recent updates, adding over 230 domains associated with “RunForestRun, IceIX, Malicious Spam, Malicious Advertising, etc. Sources include malwaredomainlist.com, isc.sans.org, hosts-file.net and many more..."

:fear::fear:
 
Malware Domain Blocklist updated - 2012.06.26 ...

FYI...

Runforestrun update
- http://www.malwaredomains.com/wordpress/?p=2758
June 26th, 2012 - "Old versions of Plesk store passwords in clear text
-> http://blog.unmaskparasites.com/201...asswords-stored-in-plain-text-in-plesk-panel/
There is a remote SQL vulnerability that has been found in old versions of Plesk allowing attackers to exploit those passwords.
-> http://kb.parallels.com/en/113321
Combine these two together and what do you get, malware of course.
Plesk Vulnerability Leading to Malware
>> http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html
Runforestrun and Pseudo Random Domains
- http://blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
Run, Forest! (Update) – block 95.211.27.206
- https://isc.sans.edu/diary/Run+Forest+Update+/13561
We’ve added a bunch of these domains but you should check the resources above, as well as new IP addresses to block."

:fear::fear:
 
You must log in or register to reply here.
Back
Top