Storm Malware Domains Updated
Written by Matt Jonkman   
Tuesday, 01 January 2008

David Glosser has added the list of Storm domains in the latest wave of crud to the DNS Blackhole. We have looked at Snort sigs for these, but the binary names and HTTP methods aren't unique enough at this point for reliable sigs. Latest update from David:

---- 

The domain is www.malwaredomains.com.
(updates are located at http://www.malwaredomains.com/updates and the full files are located at: http://www.malwaredomains.com/files).
 
If you use the listening post, you will be contributing to the fight against spyware and malware by helping us to create a smaller list of "active" domains which can be used by smaller companies whose DNS servers do not have the horsepower to run the full blocklist, among other things.
 
List Update:
All known storm worm domains have been added to the DNS Blackhole List, as well as the usual list of new rogue antivirus and fake codec domains.  

Blogspot and Blogger continue to have phoney sites created for the sole purpose of pushing fake codec trojans (see http://sunbeltblog.blogspot.com/2007/12/fake-codecs-on-blogger.html and http://sunbeltblog.blogspot.com/2007/12/dog-breakfast-continues-on-blogger.html). However, Blogspot and Blogger have not been added since doing so would block too many valid sites. You should consider adding them yourself if your company policy allows.
 
==============================================================================
Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND Server format
domains.txt file is the complete list along with original reference

Last Updated ( Tuesday, 01 January 2008 )
 