As of December 5, 2007, we've added a moderately filtered version of malware, spyware and phishing data from malwaredomains.com to ph.surbl.org. Here's David Glosser's description of the data:
"The DNS blackhole list is an actively maintained list of domains associated with malware and malicious software. For more information and mirrors, please visit www.malwaredomains.com"
It appears that many of the data come from the Intrusion Detection System community, such as Snort Bleeding Threats, malware research, etc., with phishing data having been added more recently. This is a slight divergence for SURBL, since traditionally we have not focussed on malware sites, but there does seem to be some overlap (about 20%) between this new data set and our existing data. In other words, we had about one-fifth of them already blacklisted. Presumably some of the malware sites appear in spams in an attempt to compromise the systems of those who visit malware loader sites, or install the hosted malware, etc.
Cheers,
Jeff C.