In order to keep improving SURBL data, we plan to reorganize some of the sublists inside the combined list multi as described below.
OB -- OB sublist to be deprecated immediately
Due to reduced effectiveness, SURBL will be deprecating the data in the OB sublist in a multi-stage process described below, with the timeline at the end of this announcement.
We will be emptying the OB dataset beginning immediately. Since the current OB data are resulting in few detections, emptying the list should not significantly impact most production systems that are using the data.
After the OB dataset has been empty for a period of time, we will be replacing bitmask bit 16 that OB currently uses with a new list described next.
SURBL would like to sincerely thank the Outblaze team and their successor organization IBM for very kindly making the Outblaze data available to the SURBL community for several years. Special thanks go to Suresh Ramasubramanian and his colleagues for their many years of dedication in helping SURBL and the broader Internet community to stop messaging, botnet, malware, phishing and other forms of abuse.
MW -- New malware sublist
After some time with OB data emptied, the bitmask bit 16 formerly used by OB will be used by a new list MW which will consist of malware domains and IPs, most of which are currently merged into the PH list. We had overloaded the phishing list PH with both phishing and malware data since they were somewhat related, but several users of SURBL data have expressed an interest in separate classifications for phishing and malware.
Splitting those categories of data into separate sublists will make the distinctions between phishing and malware available for the whole SURBL community to use. Having a separate malware sublist should allow SURBL applications to make finer-grained, more accurate classifications and to perform better as a result.
Some records may be on multiple lists. For example if a site has both phishing and malware, then it may be on both the PH and MW lists. Overlap between any datasets has been and will continue to be possible.
Timeline:
Deprecation of the OB dataset - Immediate
Creation of the MW (malware) dataset - 1 May 2013
The documentation on the SURBL site will be updated over the next few weeks to reflect the changes. It has not been updated yet.
Recommended action:
We recommend that SURBL application developers prepare to update their configurations according to these changes so they are ready when the changes are put into production on our name servers and zone files.
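As an added illustration (not SURBL's own code), the sketch below shows how a consuming application could interpret bit 16 of a multi response across the transition, so that a hit is labelled OB before the MW creation date and MW from that date on. The function names, the 127.0.0.x response form and the PH bit value of 8 are assumptions; only bit 16 and the 1 May 2013 date come from this announcement.

```python
import ipaddress
from datetime import date

# Bit 16 and the 1 May 2013 date come from the announcement. PH_BIT = 8 is an
# assumption about SURBL's bitmask layout; it is not stated on this page.
PH_BIT = 8
SHARED_BIT = 16              # OB before the cutover, MW from the cutover on
MW_START = date(2013, 5, 1)


def decode_multi(a_record, when):
    """Return the sublist names encoded in a multi A record as of `when`."""
    octets = ipaddress.IPv4Address(a_record).packed
    if octets[:3] != b"\x7f\x00\x00":
        raise ValueError("not a 127.0.0.x list response: %s" % a_record)
    mask = octets[3]
    lists = set()
    if mask & PH_BIT:
        lists.add("PH")
    if mask & SHARED_BIT:
        # Same bit, different meaning depending on the date of the lookup.
        lists.add("MW" if when >= MW_START else "OB")
    # Report bits this example does not name instead of dropping them.
    for bit in (1, 2, 4, 32, 64, 128):
        if mask & bit:
            lists.add("bit%d" % bit)
    return lists


def categories(a_record, when):
    """Map decoded sublists to the phishing/malware split described above."""
    lists = decode_multi(a_record, when)
    found = []
    if "PH" in lists:
        found.append("phishing")
    if "MW" in lists:
        found.append("malware")
    return found


if __name__ == "__main__":
    # Constructed sample responses, not real lookups.
    for rec in ("127.0.0.8", "127.0.0.16", "127.0.0.24"):
        for day in (date(2013, 4, 1), date(2013, 5, 1)):
            print(rec, day, sorted(decode_multi(rec, day)), categories(rec, day))
```

A configuration that keeps scoring bit 16 under its old OB rule after the cutover would apply the OB weight to malware listings, which is the case the date check guards against.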
Please direct followup discussion to the SURBL Discussion list.