Malwaredomains and Adblock Plus

Posted on July 4th, 2008 in Domain News by dglosser

The malware domain blocklist is now available in Adblock Plus format.

Please see http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus

www.securesuite.co.uk

Posted on July 3rd, 2008 in New Domains by dglosser

If anyone has information about www (dot) securesuite (dot) co (dot) uk, please forward it to us. It was listed as associated with phishing, but may be a legit site.

It will be temporarily delisted while information is collected. Please send any information our way. Thanks.

More Iframe domains to block immediately

Posted on July 1st, 2008 in New Domains, iframes, sql injection by dglosser

New Iframe Domains. Block immediately. Sources: shadowserver, scansafe blog, castlecops, and others.

Help fight spyware: Join the Spyware Listening Post!


domains.txt file is the complete list along with original reference

Updates are located at http://www.malwaredomains.com/updates
The full files are located at: http://www.malwaredomains.com/files

BOOT file is in MS DNS format
spywaredomains.zones file is in BIND format

DNS-BH Update: New Malicious Domains

Posted on June 29th, 2008 in New Domains, iframes, sql injection by dglosser

New domains associated with malware, mostly new iframe/sql injection & asprox domains. Sources: www.matchent.com, www.bloombit.com, www.emergingthreats.net:

New Iframe: google-analyze.info and iframer.pl

Posted on June 27th, 2008 in Domain News, iframes by dglosser

A new domain to block: google-analyze .info

See the following for more information:

http://www.webhostingtalk.com/showthread.php?p=5180521 and http://forum.joomla.org/viewtopic.php?f=267&t=301745&p=1329547

New sql injection/Iframe Domains

Posted on June 26th, 2008 in New Domains, iframes by dglosser

New domains associated with sql injection/iframes, mainly from shadowserver. These domains should be immediately blocked!

New Iframe domains to block

Posted on June 25th, 2008 in iframes by dglosser

s3c-watch has a list of sql-injected iframe domains:

www .westpacsecuresite .com
bios47 .com
www .update34 .com
apps84 .com
chanm .cn

and others.

These domains, as well as those listed on shadowserver’s site, will be added in the next update, but you should not wait…

New Domains associated with Malware

Posted on June 24th, 2008 in New Domains by dglosser

New domains associated with malware, from various sources:

Preventing SQL Injection

Posted on June 23rd, 2008 in iframes, sql injection by dglosser

A function that sanitizes all input data: http://isc.sans.org/diary.html?storyid=4615

How To Immune Your Web Application and Database From Such Automated Attacks:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

Tip/Trick: Guard Against SQL Injection Attacks
http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx

Stopping SQL Injection and Crossing Over Cross-site Scripting
http://securitymasala.files.wordpress.com/2007/11/mano_paul_sqlinjandxss_catalyst_eu.pdf

Detection, defense, and identifying possible coding which may be exploited by an attacker:
http://www.microsoft.com/technet/security/advisory/954462.mspx

Stop SQL Injection Attacks Before They Stop You
http://msdn.microsoft.com/en-us/magazine/cc163917.aspx

SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html

Finding SQL Injection with Scrawlr: http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx

Here are some good articles on SQL Injection attacks and some tips on how to prevent them (watch wrap):

http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx
http://blogs.technet.com/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx
http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx

IFRAME/SQL Injection Resources

Posted on June 23rd, 2008 in Domain News, iframes by dglosser

SANS has a new article on the SQL injection attacks on ASP pages. They link to a function that filters out SQL keywords and also escapes some of the SQL metacharacters to prevent SQL injection.

A better alternative is to use a parameterized query. SANS links to several examples.

SANS sums it up best:

Parameterized query is available on most other web scripting platforms, now is the time to review all your web app before the automated SQL injection exploitation spreads to other language platforms (PHP, CFM, PL)
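
The contrast drawn above between a keyword filter and a parameterized query, as an added example that is not from the original post or from SANS. It uses Python's sqlite3 with a constructed table; `blacklist_filter` is a simplified stand-in for that kind of filter (not the function SANS links to), and all function, table and column names are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    db.executemany("INSERT INTO articles (author, body) VALUES (?, ?)",
                   [("O'Brien", "first post"), ("smith", "second post")])
    return db

# Simplified stand-in for a keyword/metacharacter filter.
KEYWORDS = re.compile(r"\b(select|insert|update|delete|drop|declare|exec|union)\b", re.I)

def blacklist_filter(value):
    # Strip listed keywords, then double single quotes.
    return KEYWORDS.sub("", value).replace("'", "''")

def lookup_concat(db, article_id):
    # Weak: the filtered value is still spliced into the statement text,
    # so in a numeric context it is parsed as SQL, quotes or not.
    sql = "SELECT author FROM articles WHERE id = " + blacklist_filter(article_id)
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, article_id):
    # Hardened: the value is bound as data and never parsed as SQL.
    sql = "SELECT author FROM articles WHERE id = ?"
    return [row[0] for row in db.execute(sql, (article_id,))]

def by_author_param(db, author):
    # Binding also handles legitimate apostrophes without any escaping code.
    sql = "SELECT body FROM articles WHERE author = ?"
    return [row[0] for row in db.execute(sql, (author,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # no quotes, no listed keyword: the filter passes it unchanged
    print("concatenated:", lookup_concat(db, crafted))    # every row comes back
    print("parameterized:", lookup_param(db, crafted))    # no row has that id
    print("normal id:", lookup_param(db, "1"))
    print("filter on benign text:", repr(blacklist_filter("Select Comfort")))
    print("apostrophe in name:", by_author_param(db, "O'Brien"))
```

The filter also damages legitimate input that happens to contain a listed word, which the bound query never does.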