[SURBL-Announce] "The DNS blackhole" malware and phishing data from malwaredomains.com added to PH

Jeff Chan jeffc at surbl.org
Thu Dec 6 08:03:55 CET 2007


As of December 5, 2007, we've added a moderately filtered version of
malware, spyware and phishing data from malwaredomains.com to
ph.surbl.org.  Here's David Glosser's description of the data:

"*The DNS blackhole* list is an actively maintained list of domains
associated with malware and malicious software. For more information
and mirrors, please visit www.malwaredomains.com"

It appears that many of the data come from the Intrusion Detection
System community such as Snort Bleeding Threats, malware research,
etc., in addition to more recently having added phishing data.  This
is a slight divergence for SURBL since traditionally we have not
focussed on malware sites, but there does seem to be some overlap
(about 20%) between this new data set and our existing data.  In other
words, we had about one-fifth of them already blacklisted.  Presumably
some of the malware sites appear in spams in an attempt to compromise
systems of those who visit malware loader sites, or install the hosted
malware, etc.

Cheers,

Jeff C.


More information about the Announce mailing list