Tech Talk

[here]

FYI...

Urgent Block: google-analytics(dot)dynalias.org
- http://www.malwaredomains.com/wordpress/?p=1013
June 7th, 2010 - Please block google-analytics. dynalias. org.

Sources:
- http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99&tabid=2
Updated: June 7, 2010 1:56:30 AM

- http://phil-secu.over-blog.net/

 

[Scareware, trojan, exploit domains]

FYI...

Scareware, trojan, exploit domains
- http://www.malwaredomains.com/wordpress/?p=1015
June 8, 2010 - "A bunch of new domains associated with scareware, exploits, trojans, etc. Sources: paretologic.com, www3.malekal.com, www.kvarcasvany.hu, ddanchev.blogspot.com and others..."

 

[ww-dot-robint-dot-us]

FYI...

Urgent Block: ww-dot-robint-dot-us
- http://www.malwaredomains.com/wordpress/?p=1017
June 9, 2010 - "ww(dot)robint(dot)us has been injected into over 111,000 IIS/ASP sites. Please add this to your blocklist ASAP (or refresh your zone file, as last night’s update included that domain) Sources:
- http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html
- http://nsmjunkie.blogspot.com/2010/06/anatomy-of-latest-mass-iisasp-infection.html
- http://isc.sans.edu/diary.html?storyid=8935 "

- http://boards.cexx.org/index.php?topic=17009.msg80958#msg80958

 

[many scareware, exploit, and rogue domains added]

FYI...

many scareware, exploit, and rogue domains added
- http://www.malwaredomains.com/wordpress/?p=1025
June 12, 2010 - "Sources: ddanchev.blogspot.com, jsunpack.jeek.org, and others..."

 

[zeus, 8080, rogue domains]

FYI...

zeus, 8080, rogue domains... added
- http://www.malwaredomains.com/wordpress/?p=1034
June 14, 2010 - "Sources include: malwaredomainlist.com, malc0de.com, support.clean-mx.de, zeustracker.abuse.ch..."

- http://www.abuse.ch/?p=2568
May 17, 2010 - "... Arbor Networks... has added a fingerprint in their Peakflow product family to help Internet Service Providers (ISPs) and companies around the world to mitigate, protect and monitor malicious ZeuS C&C Botnet traffic within their Networks. The fingerprint provided by Arbor is being generated in cooperation with the ZeuS Tracker... If you are a network administrator and your company is runing Arbor Peakflow you just can activate the fingerprint using Arbor’s Active Threat Feed policies (ATF)."

 

[fastflux, zeus, trojan domains added]

FYI...

fastflux, zeus, trojan domains added
- http://www.malwaredomains.com/wordpress/?p=1044
June 15, 2010 - "sources include secuboxlabs.fr, atlas.arbor.net, www.malwaredomainlist.com, zeustracker.abuse.ch..."

- http://atlas.arbor.net/summary/fastflux
"Fast flux hosting is a technique where the nodes in a botnet are used as the endpoints in a website hosting scheme. The DNS records change frequently, often every few minutes, to point to new bots... Currently monitoring 562 active fastflux domains..."

 

[dns-bh update: 145 new domains]

FYI...

dns-bh update: 145 new domains
- http://www.malwaredomains.com/wordpress/?p=1054
June 18, 2010 - "Sources include: secuboxlabs.fr, www.malwaredomainlist.com, support.clean-mx.de, ddanchev.blogspot.com..."

 

[fake video, exploit, rogue security domains]

FYI...

fake video, exploit, rogue security domains
- http://www.malwaredomains.com/wordpress/?p=1058
June 20, 2010 - "Sources include: paretologic.com, malwaredomainlist.com, malc0de.com..."

 

[Urgent block: volgo-marun .cn & sicha-linna8 .com]

FYI...

Urgent block: volgo-marun .cn & sicha-linna8 .com
- http://www.malwaredomains.com/wordpress/?p=1065
June 22, 2010 - "From cyberinsecure.com:
    The support site of leading Chinese PC manufacturer Lenovo has been compromised by unknown attackers who injected a rogue IFrame into the pages over the weekend. Security researchers warn that unwary visitors looking for drivers are exposed to several exploits that install the Bredolab trojan onto their computers.
    The IFrame points to an exploit kit hosted on a domain called volgo-marun. cn. After performing several checks to determine what vulnerable software they had installed on their computer, the visitors were served with exploits targeting older versions of Internet Explorer, Adobe Reader or Adobe Flash player... and receives commands from C&C server with domain sicha-linna8 .com "

 

[128 new zeus, rogue, exploit domains]

FYI...

128 new zeus, rogue, exploit domains
- http://www.malwaredomains.com/wordpress/?p=1067
June 22, 2010 - "128 new domains associated with exploits, zeus, rogue and other maliciousness..."

 

[Artro, asprox,zeus,rogue domains…]

FYI...

Artro, asprox,zeus,rogue domains…
- http://www.malwaredomains.com/wordpress/?p=1081
June 24, 2010 - "Sources include: x.maldb.com, abuse.ch, m86security.com, secuboxlabs.fr..."

 

[20 new domains]

FYI...

20 new domains
- http://www.malwaredomains.com/wordpress/?p=1088
July 2, 2010 - "Quick update… 20 New domains..."


 

[here]

FYI...

List Cleanup: 646 Domains Removed
- http://www.malwaredomains.com/wordpress/?p=1092
July 5, 2010 - "646 domains have been removed. Please let us know if any need to be readded. There were 31 domains added in July 2009 and, a year later, are still actively serving up malware (according to google safebrowsing)..."

 

[138 new domains]

FYI

138 new domains
- http://www.malwaredomains.com/wordpress/?p=1094
July 6, 2010 - "138 new domains, including some gumblar and “malvertising” domains. Sources include: mdl.paretologic.com, malc0de.com/database/, blog.unmaskparasites.com, stopmalvertising.com..."

 

[Update: 246 harmful domains]

FYI...

Update: 246 harmful domains
- http://www.malwaredomains.com/wordpress/?p=1097
July 8, 2010 - "sources: securehomenetwork.blogspot.com, blog.unmaskparasites.com, www.freepcsecurity.co.uk, blog.dynamoo.com and others..."