MalwareDomainsBlocklists - archived updates

[AplusWebMaster]

MalwareDomains updated - 2010.05.19...

FYI...

Huge Update: 270 domains
- http://www.malwaredomains.com/wordpress/?p=974
May 19, 2010 - "rogue domains, fastflux domains, exploit domains, and other malicious domains. Sources include www.malwaredomainlist.com, www.malwareurl.com, secuboxlabs.fr, and jsunpack.jeek.org..."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.05.23...

FYI...

Update: koobface,fastflux,zbot,zeus domains
- http://www.malwaredomains.com/wordpress/?p=976
May 23, 2010 - "Over 250 new domains associated with zbot, zeus,torpig,neosploit, koobface and other maliciousness. Sources include ddanchev.blogspot.com, atlas.arbor.net/summary/fastflux, www.malc0de.com, zeustracker.abuse.ch..."

- http://atlas.arbor.net/summary/fastflux
"... Currently monitoring 226 active fastflux domains..."

- http://www.malwaredomains.com/wordpress/?p=979
May 24, 2010 - "trendsecure.com is incorrectly listed and has been removed. Please remove from your blocklists ASAP."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.05.26...

FYI...

Blackhole DNS Update: 138 new domains
- http://www.malwaredomains.com/wordpress/?p=986
May 26, 2010 - "sources: secuboxlabs.fr, www.siteadvisor.com..."

:fear:

 

[AplusWebMaster]

Blocklist / urgent add...

FYI...

Urgent addition: v-medical-dot-org/89.187.53.203
- http://www.malwaredomains.com/wordpress/?p=990
Posted on May 27th, 2010 in 0day, New Domains by dglosser

Please add v-medical. org (89.187.53.203) to your blocklists.
Source: http://isc.sans.org/diary.html?storyid=8860
Last Updated: 2010-05-27 18:18:30 UTC

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.05.29...

FYI...

- http://www.malwaredomains.com/wordpress/?p=993
May 29, 2010 - "Over 250 new malicious domains associated with zeus, fake security, neosploit, and other trojans and malware. Sources include malwaredomainlist.com, google.com/safebrowsing, blog.dynamoo.com..."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.01...

FYI...

List cleanup: 950 domains removed
- http://www.malwaredomains.com/wordpress/?p=1000
June 1, 2010 - "950 older domains have been removed. They are located in the file “removed-domains-20100601.txt” . Please let us know ASAP if any should be placed back on active state."

.

 

[AplusWebMaster]

Urgent Block: credittreport-dot-info

FYI...

Urgent Block: credittreport-dot-info Clickjacking Attacks
- http://www.malwaredomains.com/wordpress/?p=1003
June 2, 2010 - "There has been an outbreak of clickjacking attacks on Facebook’s “Like” plugin. The target domain associated with the hidden iframe is credittreport. info. Please block that domain ASAP. Source:
- http://isc.sans.org/diary.html?storyid=8893
Last Updated: 2010-06-02 19:08:01 UTC

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.04...

FYI...

140 Domains added...
- http://www.malwaredomains.com/wordpress/?p=1007
June 4, 2010 - "140 new domains to shun, redirect, or just block. Sources: dnsbl.abuse.ch, www.malwaregroup.com, malc0de.com, and others..."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.06...

FYI...

279 malicious domains added
- http://www.malwaredomains.com/wordpress/?p=1010
June 6, 2010 - "279 new domains. Many associated with a malicious “8080 campaign” sent to us from malc0de.com..."

:fear:

 

[AplusWebMaster]

Urgent Block: google-analytics(dot)dynalias.org

FYI...

Urgent Block: google-analytics(dot)dynalias.org
- http://www.malwaredomains.com/wordpress/?p=1013
June 7th, 2010 - Please block google-analytics. dynalias. org.

Sources:
- http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99&tabid=2
Updated: June 7, 2010 1:56:30 AM

- http://phil-secu.over-blog.net/

:fear::fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.08...

FYI...

Scareware, trojan, exploit domains
- http://www.malwaredomains.com/wordpress/?p=1015
June 8, 2010 - "A bunch of new domains associated with scareware, exploits, trojans, etc. Sources: paretologic.com, www3.malekal.com, www.kvarcasvany .hu, ddanchev.blogspot.com and others..."

:fear:

 

[AplusWebMaster]

Urgent Block: ww-dot-robint-dot-us

FYI...

Urgent Block: ww-dot-robint-dot-us
- http://www.malwaredomains.com/wordpress/?p=1017
June 9, 2010 - "ww(dot)robint(dot)us has been injected into over 111,000 IIS/ASP sites. Please add this to your blocklist ASAP (or refresh your zone file, as last night’s update included that domain) Sources:
- http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html
- http://nsmjunkie.blogspot.com/2010/06/anatomy-of-latest-mass-iisasp-infection.html
- http://isc.sans.edu/diary.html?storyid=8935 "

- http://forums.spybot.info/showpost.php?p=373948&postcount=92

:fear::fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.12...

FYI...

many scareware, exploit, and rogue domains added
- http://www.malwaredomains.com/wordpress/?p=1025
June 12, 2010 - "Sources: ddanchev.blogspot.com, jsunpack.jeek.org, and others..."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.14...

FYI...

zeus, 8080, rogue domains... added
- http://www.malwaredomains.com/wordpress/?p=1034
June 14, 2010 - "Sources include: malwaredomainlist.com, malc0de.com, support.clean-mx.de, zeustracker.abuse.ch..."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.15...

FYI...

fastflux, zeus, trojan domains added
- http://www.malwaredomains.com/wordpress/?p=1044
June 15, 2010 - "sources include secuboxlabs.fr, atlas.arbor.net, malwaredomainlist.com, zeustracker.abuse.ch..."

- http://www.abuse.ch/?p=2568
May 17, 2010 - "... Arbor Networks... has added a fingerprint in their Peakflow product family to help Internet Service Providers (ISPs) and companies around the world to mitigate, protect and monitor malicious ZeuS C&C Botnet traffic within their Networks. The fingerprint provided by Arbor is being generated in cooperation with the ZeuS Tracker... If you are a network administrator and your company is runing Arbor Peakflow you just can activate the fingerprint using Arbor’s Active Threat Feed policies (ATF)."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.18...

FYI...

dns-bh update: 145 new domains
- http://www.malwaredomains.com/wordpress/?p=1054
June 18, 2010 - "Sources include: secuboxlabs.fr, www.malwaredomainlist.com, support.clean-mx.de, ddanchev.blogspot.com..."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.20...

FYI...

fake video, exploit, rogue security domains
- http://www.malwaredomains.com/wordpress/?p=1058
June 20, 2010 - "Sources include: paretologic.com, malwaredomainlist.com, malc0de.com..."

 

[AplusWebMaster]

Urgent block: volgo-marun .cn & sicha-linna8 .com

FYI...

Urgent block: volgo-marun .cn & sicha-linna8 .com
- http://www.malwaredomains.com/wordpress/?p=1065
June 22, 2010 - "From cyberinsecure.com:
The support site of leading Chinese PC manufacturer Lenovo has been compromised by unknown attackers who injected a rogue IFrame into the pages over the weekend. Security researchers warn that unwary visitors looking for drivers are exposed to several exploits that install the Bredolab trojan onto their computers.
The IFrame points to an exploit kit hosted on a domain called volgo-marun. cn. After performing several checks to determine what vulnerable software they had installed on their computer, the visitors were served with exploits targeting older versions of Internet Explorer, Adobe Reader or Adobe Flash player... and receives commands from C&C server with domain sicha-linna8 .com "

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.22...

FYI...

128 new zeus, rogue, exploit domains
- http://www.malwaredomains.com/wordpress/?p=1067
June 22, 2010 - "128 new domains associated with exploits, zeus, rogue and other maliciousness..."

:fear:

 

[AplusWebMaster]

MalwareDomains updated - 2010.06.24...

FYI...

Artro, asprox,zeus,rogue domains…
- http://www.malwaredomains.com/wordpress/?p=1081
June 24, 2010 - "Sources include: x.maldb.com, abuse.ch, m86security.com, secuboxlabs.fr..."

:fear: