[SURBL-Discuss] RFC: Adding malwaredomains.com data to phishing list?

Joseph Brennan brennan at columbia.edu
Mon Nov 26 15:19:46 CET 2007



--On Sunday, November 25, 2007 18:51 -0800 Jeff Chan <jeffc at surbl.org> 
wrote:

> Does anyone have any comments on adding the malware domains at:
>
>   http://www.malwaredomains.com/
>
> to the SURBL phising list, with significant filtering to exclude
> possible false positives?  The actual list would be the third field
> of:
>
>   http://www.malwaredomains.com/files/domains.txt
>
> The data includes malware and phishing sites.


The first field seems to be the URI we would see in mail.  Isn't that
what we would want to search?

Otherwise I don't understand why the third field repeatedly lists
F-Secure's pages about virus threats at http://www.f-secure.com/weblog/.
We would not want to interfere with mail referring to F-Secure.

Another third field, www.webhelper4u.com/cws/cwsbyalphanumeric.html,
listed many many times, is a 404.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology





More information about the Discuss mailing list