Tech Talk

[htaccess redirects, malicious javascript, trojans]

FYI...

htaccess redirects, malicious javascript, trojans
- http://www.malwaredomains.com/wordpress/?p=2684
May 22nd, 2012 - "Added 137 domains associated with htaccess redirects, malvertising, iframes, trojans, etc. Sources: exposure.iseclab.org, threatexpert.com, zeustracker, sucuri.net, and others..."

 

[Java Exploits, malicious advertising, SutraTDS]

FYI...

Java Exploits, malicious advertising, SutraTDS
- http://www.malwaredomains.com/wordpress/?p=2691
May 26th, 2012 - "Added over 100 domains associated with malvertising, java exploits, htaccess redirects. Sources include hosts-file.net, mwis.ru, sucuri.net..."

 

[Flamer, htaccess, botnet, malspam domains]

FYI...

Flamer, htaccess, botnet, malspam domains
- http://www.malwaredomains.com/wordpress/?p=2705
June 1st, 2012 - "Added over 140 malicious domains associated with flamer, htaccess redirects, malspam etc. Sources include spamhaus.org, malwareurl.com, malware-control.com and many others..."

 

[BH Exploit, citadel, malspam, Tinba domains]

FYI...

BH Exploit, citadel, malspam, Tinba domains...
- http://www.malwaredomains.com/wordpress/?p=2714
June 4th, 2012 - "Added over 140 domains associated with Tinba, pornmocup, back hold exploits, etc. Sources include exposure.iseclab.org, c-apture.blogspot.com, hosts-file.net, malware-control.com and others..."

[malvertising, malicious javascript, trojans]

FYI...

malvertising, malicious javascript, trojans...
- http://www.malwaredomains.com/wordpress/?p=2732
June 13th, 2012 - "Added over 140 domains associated with trojans, sql injection, malvertising, etc. Sources include xylibox.com, safebrowsing.clients.google.com, blog.dynamoo.com and others..."

 

[zeroaccess, malspam, blackhole exploit domains]

FYI...

zeroaccess, malspam, blackhole exploit domains
- http://www.malwaredomains.com/wordpress/?p=2735
June 17th, 2012 - "Added domains associated with bh exploits, malicious spam, zeroaccess and other trojans. Sources include labs.sucuri.net, hosts-file.net, blog.dynamoo.com..."

 

[runforestrun, iceix, rogues, malvertising, malspam domains]

FYI...

runforestrun, iceix, rogues, malvertising, malspam domains...
- http://www.malwaredomains.com/wordpress/?p=2749
June 25th, 2012 - "Two recent updates, adding over 230 domains associated with “RunForestRun, IceIX, Malicious Spam, Malicious Advertising, etc. Sources include malwaredomainlist.com, isc.sans.org, hosts-file.net and many more..."

 

[Runforestrun update]

FYI...

Runforestrun update
- http://www.malwaredomains.com/wordpress/?p=2758
June 26th, 2012 - "Old versions of Plesk store passwords in clear text
->  http://blog.unmaskparasites.com/2012/06/26/millions-of-website-passwords-stored-in-plain-text-in-plesk-panel/
There is  a remote  SQL vulnerability that has been found in old versions of Plesk allowing attackers to exploit those
passwords.
-> http://kb.parallels.com/en/113321
Combine these two together and what do you get, malware of course.
Plesk Vulnerability Leading to Malware
>> http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html
Runforestrun and Pseudo Random Domains
- http://blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
Run, Forest! (Update) – block 95.211.27.206
- https://isc.sans.edu/diary/Run+Forest+Update+/13561
We’ve added a bunch of these domains but you should check the resources above, as well as new IP addresses to block."

 

[BH Exploit Kit, Run Forest Run, fariet domains]

FYI...

BH Exploit Kit, Run Forest Run, fariet domains
- http://www.malwaredomains.com/wordpress/?p=2760
June 28th, 2012 - "A small but important update with some fariet, run forest run, bh exploit kit domains. Sources include blog.eset.com, microsoft.com, blog.urlvoid.com and others..."

 

[iframes, Pontoeb, scam domains]

FYI...

iframes, Pontoeb, scam domains
- http://www.malwaredomains.com/wordpress/?p=2771
July 4th, 2012 - "Added over 100 domains associated with Pontoeb, scams, malicious iframes, etc. Sources: www.spamhaus.org, vxvault.siri-urz.net, sucuri.net and others..."

 

[246 malicious domains]

FYI...

246 malicious domains added...
- http://www.malwaredomains.com/wordpress/?p=2783
July 10th, 2012 - "A very large update consisting of 246 domains associated with malvertising, iframes, black hole exploits, etc. Sources include malwaredomainlist.com, sucuri.net, dynamoo.com..."

 

[RunForestRun, malspam, malvertising Domains]

FYI...

RunForestRun, malspam, malvertising Domains
- http://www.malwaredomains.com/wordpress/?p=2788
July 12th, 2012 - "Added 150 domains (runforestrun, malspam, malvertising)."

 

[Relisted Domains]

FYI...

Relisted Domains ...
- http://www.malwaredomains.com/wordpress/?p=2791
July 16th, 2012 - "Just went through a bunch of older domains and relisted almost 50 of them. Or do the bad guys wait and “lay low” with their domain until “the coast is clear” and once google safebrowsing delists  them, they once again use the domain to serve up malware (Whack-a-Mole)? Do they have google APIs and check daily to see if their domain is delisted?... It’s like fast-flux except the time frame is months instead of minutes.:

  

[DNS-BH Updates: 7.19 and 7.21]

FYI...

DNS-BH Updates: 7.19 and 7.21
- http://www.malwaredomains.com/wordpress/?p=2794
July 22nd, 2012 - "Been remiss about mentioning updates on 7.19 and 7.21. Please update your blocklists/sinkhole..."

 

[IntelliDownload (stopmalvertising.com)]

FYI...

IntelliDownload (stopmalvertising.com)
- http://www.malwaredomains.com/wordpress/?p=2797
July 23rd, 2012 - "... article about IntelliDownload*...
* http://stopmalvertising.com/malware-reports/intellidownload-hijacks-ads-and-spies-on-your-internet-browsing.html
Jul 20, 2012 - "... it doesn’t disclose that it will hijack advertisements on several major websites and replace them with ads from oadsrv .com, scrape your Facebook data, spy on your browser session and report every move you make on the web back to chango .com ..."

Please study the domains listed in the article and take appropriate action (the domains have -not- yet been added to this blocklist)."