Friday, 9 January 2009
Waledac Domains - Updated List
Happy New Year Everyone!
We have been busy with all sorts of fun stuff, including all of the continued Waledac activity. Recently we posted a blog entry about the trojan that compared it to the Storm Worm, detailed its interesting P2P over HTTP activity, and listed several domains that were involved in the activity. We now have a bunch of new and interesting information on the trojan, much of which has come from a number of security researchers out there. However, we are just going to touch on the last item and give you an updated list of domains associated with Waledac. You are bound to see all kinds of great research and interesting findings from others on this soon. In the meantime, please use this information to protect your networks and proactively (and retroactively) block these hosts.
The following is a list of domains known to be associated with Waledac. Most of these domains have been seen in the wild and may be posted elsewhere. However, we want to provide the research that we have collected ourselves in a central spot for anyone to see and share. Please DO NOT visit these domains, as they are distributing malware both through the files they are peddling and via exploits.
Waledac Domain Listing (several new ones since our 12-31 post):
Related Exploit Domains (no new ones listed):
seocom.mobi
seofon.net
Please feel free to distribute the above list as you see fit, and have a great 2009.
=>Posted January 08, 2009, at 10:05 PM by Steven Adair


