Domain: malwaredomains.com
Stories and comments across the archive that link to malwaredomains.com.
Comments · 20
-
Re:Need a good HOSTS file
See also: http://someonewhocares.org/hos... http://pgl.yoyo.org/adservers/... (not hosts formatted: https://spam404bl.com/spam404s... and http://mirror2.malwaredomains.... ) I'm using a shell script to aggregate those into a blacklist used by dnsmasq for my LAN (although it is somewhat discouraging to see how often my android devices try to phone home when on my wifi).
-
Re:2nd: You said "botnets" quoted, & hosts?
Dammit, tard. You're trying to talk about things you don't understand. NO tard. BAD TARD.
Here, I'll do your research for you, and drop some knowledge on your ass.
See this link: http://www.malwaredomains.com/?p=3880
There is a paper there. Fidelis Security reverse-engineered the Domain-Generating Algorithm (DGA) for Pushdo (the Cutwail botnet). Pushdo/Cutwail creates 30 domain names PER DAY.
Fidelis used the DGA to generate all ~10,000 domain names for all of 2015. There is a link to all ~10,000 domain names.
If you want to protect against DGAs using a host file, you need to:
1. Reverse Engineer the algorithm out of the malware.
2. Use the algorithm to generate the domains for each day/hour/whatever.
Step #1 requires an experienced malware reverse-engineer. They do not normally just do this work for free and post the results publicly. Fidelis did it this time to raise their profile as a security company.
Additionally, the Pushdo authors will probably just change the DGA now that it's been made public.
Besides, as we've discussed, malware usually runs with admin privileges and can trivially:
1. Send DNS itself (I even linked you a paper on this)
2. Change DNS settings
-
Re:Ask yourselves these questions... apk
From 12 reputable & reliable known sources in the security community.
APK
P.S.=> http://hosts-file.net/hphosts-...
http://hosts-file.net/ad_serve...
http://mirror1.malwaredomains....
http://someonewhocares.org/hos...
http://www.malwaredomainlist.c...
http://winhelp2002.mvps.org/ho...
http://www.malwareurl.com/
http://www.malware.com.br/cgi/...
http://hostsfile.org/Downloads...
http://hostsfile.mine.nu/hosts...
http://pgl.yoyo.org/as/serverl...
... apk
-
Here's the COMPLETE LIST from
One of my sources for hosts file data ( http://mirror1.malwaredomains.... )
FILENAME = Microsoft-Botnet-domains-no-ip.zip
* 4th file down... & there is 22,037 subdomains in it (I most likely HAD them all too, but again -
/.'s posting size limit would've stopped me, for SURE... however - it PRETTY MUCH MATCHES the domains I posted too from my hosts file, AND, those names look very familiar in MANY of them from doing my hosts file population via my program anyhow as well...!)
APK
P.S.=> Sorry - I could've got that for you the other day - I just didn't look like I should have (it was there on July 2nd 2014)... apk
-
Agreed, 110% (unfortunately)... apk
The reason I state this, is because I've been building up a successful blacklist (albeit NOT vs. "spam" or phishers only, but more vs. online threats in maliciously scripted sites &/or servers known to serve up malware etc.):
Yes, thus - I'd have to say, based on 15++ yrs. of experience doing it (based on reputable & reliable sites listed below) that yes, MOST of it comes from those nations (& that's why I said "unfortunately" in my subject-line - since I know their people are NOT "all bad", just that they have a lot of what you state going on).
I base this not only on "opinion" but HARD DATA too!
From a list I apply in custom hosts files of over 1,967,147 such bogus sites/servers that grows by almost 200 - 2,000 such sites each day, approximately (that *might* strike some of you as "fantastic", but it's real)... I get my data from the following sites:
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000
http://winhelp2002.mvps.org/hosts.htm
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
http://safeweb.norton.com/noscript/
http://mirror1.malwaredomains.com/files/
http://hostsfile.org/hosts.html
http://www.malwareurl.com/
http://sysctl.org/cameleon/hosts
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://www.safer-networking.org/dl/
http://amada.abuse.ch/palevotracker.php
AND, then I import, consolidate, sort, & deduplicate that data using this application I wrote to do so:
---
APK Hosts File Engine 5.0++ 32/64-bit:
---
Why? Simple - it works, & on the SIMPLEST PRINCIPLE OF ALL: What you can't touch, can't hurt you... & I never was the type of person to just "sit around & take it" - I do something about it, IF possible. The above IS my possible, and it is possible & works (in combination with all I put into this security guide I authored from 1997-2007, here -> http://www.google.com/search?hl=en&output=search&sclient=psy-ab&q=%22How+to+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=PjNrUcDVGpSz4AOJuIHQDQ that works on the BEST THING WE HAVE GOING: "Layered-Security"/"Defense-in-Depth"... & yes, it works! )
APK
P.S.=> Any questions?
... apk
-
I do pretty much the same here... apk
Except I completely control it locally @ the fastest level of operations possible (the TCP/IP stack running in PnP designed kernelmode/rpl 0/ring 0 operations) as a filter:
---
APK Hosts File Engine 5.0++ 32/64-bit:
---
(What custom hosts files do for me in added value for better speed, security, reliability, & even anonymity to an extent is listed there in 16 discrete points...)
* "Auto-Magically" populating & creating a custom hosts file from 14++ reputable & reliable sources for data for protecting vs. known malicious sites/servers/hosts-domains:
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000
http://mirror1.malwaredomains.com/files/
http://hostsfile.org/hosts.html
http://someonewhocares.org/hosts/
http://www.malwareurl.com/
http://sysctl.org/cameleon/hosts
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://winhelp2002.mvps.org/hosts.htm
http://hostsfile.mine.nu/downloads/
http://safeweb.norton.com/buzz
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
http://amada.abuse.ch/palevotracker.php
APK
P.S.=> Best part is, it's not only of value for security, but also for added:
---
1.) Speed (via blocking adbanners as well as bogus sites online, but also via "hardcoding" your favorite sites into it for FASTER IP address resolution locally than from remote DNS servers (which have faults in them, many of which remain unpatched vs. the Kaminsky DNS redirection poisoning flaw, 1/2 a decade++ later AFTER its discovery -> )
2.) Reliability (vs. said unpatched flaw above OR downed remote DNS servers)
3.) To an extent, anonymity (vs. DNS request logs)
---
... apk
-
Good one: Here's more... apk
Sources for custom hosts file data for a myriad of purposes, all listed here (which THIS VERY PROGRAM uses):
---
APK Hosts File Engine 5.0++ 32/64-bit:
---
SOURCES IT USES FOR CUSTOM HOSTS FILE DATA INTAKE:
http://safeweb.norton.com/buzz
http://hosts-file.net/?s=Download
http://hostsfile.org/hosts.html
http://winhelp2002.mvps.org/hosts.htm
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
https://spyeyetracker.abuse.ch/monitor.php?filter=all
http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/
http://sysctl.org/cameleon/hosts
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://hostsfile.mine.nu/downloads/
---
* HOWEVER: You don't NEED TO KNOW THAT, since the program above uses most all of those sources listed above, & does the work for you, of - Import, Deduplicate & Filter/Normalize + Convert blocking address format used, Speed up hardcoded favorites (which ARE what can solve redirection problems in DNS & most likely here too with facebook mind you), & Save to hosts itself... from those very reliable & reputable sources for custom hosts file data online!
APK
P.S.=> Enjoy if you use the program I wrote above, & good on your part to see here that you have enough sense to take advantage of custom hosts files for better online speed, security, reliability, & of course, even better anonymity (to an extent, vs. DNS request logs OR vs. DNSBL's you may not like too)...
... apk
-
Re:Let's see if this works
Jorge, you can name me all you want, but there is no shame in using a hosts file to block DDoS Packets. I have a foolproof list that blows away your arguments.
P.S.=> There's other methods also, via native to OS tools for network-wide propagation of fresh clean updated hosts files that program yields IF you only installed it on a "central server" for clean hosts for all nodes/workstations/servers:
I.E.-> Centrally managed hosts files? Easy as pie via logons scripts, or parse of autoexec in Windows @ bootup via GPEdit & group policies company-wide!
OR
Using taskscheduler on each workstation/server node periodically
P.P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. threats like bogus servers &/or maliciously scripted sites. Here's some good sources for that above & beyond mvps.org (I noted them above):
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/ (justdomains here)
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://sysctl.org/cameleon/hosts
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
http://www.apkgoatsestylepersonalpics.com/hostsfiles.htm
http://www.malwareurl.com/
http://www.safer-networking.org/en/download/ (updater for Spybot "Search & Destroy" & it fortifies HOSTS files)
Those are some of my regular sources that are reputable & reliable for custom HOSTS file data populations vs. known threats online - I consolidate them here via programs I wrote that normalize/deduplicate repeated entries, sort/alphabetize the results, & change from larger + slower 127.0.0.1 (longer & loopback ops happen here) to the faster & smaller 0.0.0.0 (or even 0 on Windows 2000/XP/Server 2003): Enjoy!
... apk
P.P.P.P.S.=> There you go... it all works, GUI easily from my app, all the way out to any endpoint PC/Server on a LAN/WAN even... often as you like & CLEAN/FRESH too!
P.P.P.P.P.S=> It's good "layered-security"/"defense-in-depth" & does things AdBlock, DNS, & even firewalls can't (like speed up access to fav. sites + make them reliable in the event of DNS poisoning redirects or being "downed" even...) & gets P.P.P.P.P.P.S.=> back SPEED/BANDWIDTH users pay for out of pocket along with their POWER BILL too...
P.P.P.P.P.P.P.S.=> I skipped P.P.P.S=>
-
Re:Upgrades do suck
DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm
---
1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it
2.) Mount your system mountpoint as READ + WRITE (as powerful of privileges as you need is this)
3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if it's there already) using PULL & overwrite the etc. folder's copy of HOSTS
---
* DONE!
(Yes, it's THAT simple vs. hosts-domain based threats which ARE THE MAJORITY OF THEM OUT THERE (because hosts-domain names are recyclable unlike IP addresses)... &, it works - you CAN'T be burned if you can't go into the malware kitchen!)
APK
P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. threats like bogus servers &/or maliciously scripted sites. Here's some good sources for that above & beyond mvps.org (I noted them above):
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/ (justdomains here)
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://sysctl.org/cameleon/hosts
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
http://www.malwareurl.com/
http://www.safer-networking.org/en/download/ (updater for Spybot "Search & Destroy" & it fortifies HOSTS files)
Those are some of my regular sources that are reputable & reliable for custom HOSTS file data populations vs. known threats online - I consolidate them here via programs I wrote that normalize/deduplicate repeated entries, sort/alphabetize the results, & change from larger + slower 127.0.0.1 (longer & loopback ops happen here) to the faster & smaller 0.0.0.0 (or even 0 on Windows 2000/XP/Server 2003): Enjoy!
... apk
-
I defend against disk corruption with HOSTS files
DO THE FOLLOWING -- obtain a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm
* DONE!
(Yes, it's THAT simple vs. hosts-domain based threats which ARE THE MAJORITY OF THEM OUT THERE (because hosts-domain names are recyclable unlike IP addresses)... &, it works - you CAN'T be burned if you can't go into the malware kitchen!) No more malware, no disk corruption!
This concept & technique is VERY simple to understand, as far as how to install a custom HOSTS file, how to get data to populate it (& if need be? An Access import & "SELECT * DISTINCT FROM (tablename) ORDER BY ASC" type query & export can do the deduplication/normalization end even).
E.G.-> I've taught it to people who have NO CLUE in computing in fact, & they took to it like ducks to water - especially custom editing their custom HOSTS file with text editors once they understand what speeds them up (hardcodes) & secures them + how, by blocking out bogus sites/servers!
(And? Heck - They ought to like it & take to them fast! Especially considering a custom HOSTS file acts as a security layer AND more-or-less, an "online turbocharger" for speed too, for free! You already own one anyhow, with any OS that uses a BSD based IP stack (which IS most))...
P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. threats like bogus servers &/or maliciously scripted sites. Here's some good sources for that above & beyond mvps.org (I noted them above):
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/ (justdomains here)
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://sysctl.org/cameleon/hosts
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
http://www.malwareurl.com/
http://www.safer-networking.org/en/download/ (updater for Spybot "Search & Destroy" & it fortifies HOSTS files)
Those are some of my regular sources that are reputable & reliable for custom HOSTS file data populations vs. known threats online - I consolidate them here via programs I wrote that normalize/deduplicate repeated entries, sort/alphabetize the results, & change from larger + slower 127.0.0.1 (longer & loopback ops happen here) to the faster & smaller 0.0.0.0 (or even 0 on Windows 2000/XP/Server 2003): Enjoy!
... apk
-
I defend ANDROID smartphones w/ HOSTS files
DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm
---
1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it
2.) Mount your system mountpoint as READ + WRITE (as powerful of privileges as you need is this)
3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if it's there already) using PULL & overwrite the etc. folder's copy of HOSTS
---
* DONE!
(Yes, it's THAT simple vs. hosts-domain based threats which ARE THE MAJORITY OF THEM OUT THERE (because hosts-domain names are recyclable unlike IP addresses)... &, it works - you CAN'T be burned if you can't go into the malware kitchen!)
APK
P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. threats like bogus servers &/or maliciously scripted sites. Here's some good sources for that above & beyond mvps.org (I noted them above):
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/ (justdomains here)
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://sysctl.org/cameleon/hosts
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
http://www.malwareurl.com/
http://www.safer-networking.org/en/download/ (updater for Spybot "Search & Destroy" & it fortifies HOSTS files)
Those are some of my regular sources that are reputable & reliable for custom HOSTS file data populations vs. known threats online - I consolidate them here via programs I wrote that normalize/deduplicate repeated entries, sort/alphabetize the results, & change from larger + slower 127.0.0.1 (longer & loopback ops happen here) to the faster & smaller 0.0.0.0 (or even 0 on Windows 2000/XP/Server 2003): Enjoy!
... apk
-
Glad it's working 4U (you'll like this I think)
Based on your success using a HOSTS file for added speed - you can also get more "layered-security"/"defense-in-depth" added as well, & here are some of the sites I use online to populate my HOSTS file vs. various online threats (all current, updated regularly, & reputable):
http://hosts-file.net/?s=Download
http://winhelp2002.mvps.org/hosts.htm
http://someonewhocares.org/hosts/
http://www.malwaredomainlist.com/hostslist/hosts.txt
https://spyeyetracker.abuse.ch/monitor.php
https://zeustracker.abuse.ch/monitor.php?filter=all
http://amada.abuse.ch/palevotracker.php
http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000
http://www.safer-networking.org/en/download/
http://www.malwareurl.com/
http://mirror1.malwaredomains.com/files/
http://hostsfile.org/hosts.html
http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples
* There you go - that'll "get you started" on the road to not only FASTER websurfing, but also SAFER websurfing as well...
APK
P.S.=> Now, as far as "integrating" them into your HOSTS file?
Those sites offer various tools for that (I have built my own over time & you can even use tools like MS-Access for the hard part, deduplication for unique entry data via SELECT DISTINCT queries if need be, but I think the best tool offered on 1 of those sites is a PERL deduplication script (you have to have PERL installed though) as far as the tools offered by others from those sources.
Thus, You may wish to look into the FREE tools offered on those sites, if not compare them as well, & just for the purposes of import, deduplication/normalization, + more as well!
So - enjoy & continued good luck to you (as well as "salutations" for trying a custom HOSTS file & experiencing what you have, thus far)...
... apk
-
GET MORE THAN THAT FREE (Using HOSTS files)
By far, & so can anyone else in 2 ways:
1.) Blocking out adbanners (which have been known to serve up malware many times in the past 7++ yrs. or more, no less)
&
2.) Hardcoding your favorite sites into it (so you avoid DNS lookups that take longer than 30-60ms or more to send back a host-domain name resolved to IP address, & also from possibly downed, OR "dns-poisoned" misdirected DNS servers)
Nice part is, it didn't cost ME "billions of dollars" to get a HELL OF A LOT MORE SPEED BACK FOR MY MONIES I PAY OUT TO BE ONLINE (as well as a hell of a lot better "layered security" to go with it), using HOSTS files...
APK
P.S.=> And, they're FREE, & data for them is as simple as pinging your fav. sites for their IP address (so you can LOCALLY "Self-Resolve" the host-domain name to IP address equation), & blocking adbanners has data widely available for it also (in addition to blocking out KNOWN bogus sites that serve up malware) for security too, such as this list of them:
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000
http://mirror1.malwaredomains.com/files/
http://someonewhocares.org/hosts/
http://www.malwareurl.com/
https://spyeyetracker.abuse.ch/monitor.php
https://zeustracker.abuse.ch/monitor.php?filter=online
http://winhelp2002.mvps.org/hosts.htm
http://hostsfile.org/hosts.html
http://www.safer-networking.org/en/download/
By this point in time, since 1997 with lists of my own? I have 1.6++ million bogus sites/servers/hosts-domains, adbanner servers, & far more that's "not good for your speed OR security online" blocked-out, & my DSL connection runs MORE like a GOOD CABLE CONNECTION instead for websurfing, easily!
... apk
-
I block their C&C servers via HOSTS files
HOSTS files, combined with firewalls rules tables (for IP address based ones).
It's easy enough to do, the data's out there by the TRUCKLOAD on Conficker and many other known botnets, sites/servers/hosts-domains that serve up malware-in-general (virus/spyware etc./et al).
Here are 15 or so that I use for anyone that's interested in protecting themselves in this manner:
---
http://www.mvps.org/winhelp2002/hosts.htm
http://hostsfile.org/hosts.html
http://someonewhocares.org/hosts/
https://zeustracker.abuse.ch/monitor.php?filter=online
https://spyeyetracker.abuse.ch/monitor.php
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malware.com.br/lists.shtml
http://hosts-file.net/?s=Download
http://www.malwaredomains.com/
http://www.safer-networking.org/en/download/index.html (Spybot Search & Destroy has an IMMUNIZE feature that works on HOSTS files here)
http://safeweb.norton.com/buzz
---
HOSTS files are the main route I took because they offer not just security benefits, but also speed benefits (very noticeable ones), & even anonymity ones to an extent (vs DNSBL)
HOSTS files, imo @ least, are even easier to deal with than a firewall (software OR router based) rules table if you ask me!
I did so again - Because of layered security they offer (combinations of Norton DNS (dnsbl filtering DNS vs. malware online threats & botnets), & firewall rules tables)) AND SPEED GAINS POSSIBLE TOO, via an easily edited route in a text file (which is all HOSTS are, a filter that works at the fastest & most efficient level there is, the IP subsystem).
I.E -> HOSTS are EASY to edit as well with any text editor also (which, face it, anyone can handle using) to add or even remove (or # symbol comment off temporarily even) data from its internal records list.
It works & on the SIMPLEST PRINCIPLE THERE IS for security: You can't get burnt if you don't go into the malware/botnet kitchen!
(I do so based on the principle of "layered security", especially vs. online threats...)
E.G.-> So, if one protective scheme fails, the others is there to kick in to protect you!
(They all work in combination w/ one another seamlessly-transparently... so, it's basically the same idea I suppose, as folks putting deadbolts, door handle knob locks, & chain locks on a door for 'triple layer security' really!)
It works & on the SIMPLEST PRINCIPLE THERE IS for extra speed, & bandwidth YOU PAY FOR OUT OF POCKET also:
See, nicest part about HOSTS files though, is that it's easy to insert other things (say for blocking adbanners) that speed you up online (via hardcoding your fav. sites into it, host-domain name to IP Address resolved, ea
-
Custom HOSTS files can achieve the same
Here's an EASIER trick, with a FREE "Tool" you already own, that's only a single text file filter for your IP stack: A custom HOSTS file, that yields the same results!
(I think it'd be interesting to see this service, COMBINED w/ what I am about to speak of in custom HOSTS files usage, and benefits to the end-user).
"According to the article, the speed boost comes from two things" - by Anonymous Coward on Wednesday June 08, @12:42AM (#36371418)
The gains HOSTS files offer in both speed, & security, are twofold:
---
FOR ADDED SPEED:
1.) Blocks out adbanners & the lag they introduce into webpage loads/downloads for consumption
2.) Hardcoding in your favorite website (to avoid DNS roundtrip lookup & result return time)
---
FOR ADDED SECURITY:
1.) Blocks out KNOWN malicious sites/servers/hosts-domain names
2.) Protection vs. DNS issues (such as the "Kaminsky flaw", or downed/compromised DNS servers that have been "redirect poisoned")
---
They work, they're free, and you can obtain one easily!
(OR, just combine ALL of the ones listed in my 'p.s.' below, & a db import of the file using a SELECT DISTINCT query can do it for example, as a way, or mvps.org offers a tool called HOSTSMAN that does it also (there are others like it as well, I designed one, & so have others)).
You already can do this yourself since any OS that uses a BSD derived IP stack already has one (even ANDROID phones), easily, & populate the custom HOSTS file yourself from the sources noted above!
(I consolidate them all into a single de-duplicated/normalized version, that which currently blocks out 1,429,303++ KNOWN bad sites/servers/hosts-domains, AND, speeds me up VERY noticeably (via blocking out adbanners, a possible threat for years now in malicious code in them & a bandwidth + speed hog OR, by 'hardcoding in' my favorite sites (to bypass DNS lookup & return roundtrip time) also))
APK
P.S.=> Here are some reputable, & reliable sources for said HOSTS file security data (as well as prebuilt HOSTS files for instant download & usage on your parts):
http://safeweb.norton.com/buzz
http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malwaredomains.com/
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://www.malware.com.br/lists.shtml
https://spyeyetracker.abuse.ch/monitor.php
https://zeustracker.abuse.ch/monitor.php?filter=online
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
... apk
-
Do the same w/ a custom HOSTS file
Here's an EASIER trick, with a FREE "Tool" you already own, that's only a single text file filter for your IP stack: A custom HOSTS file!
"They offer a security product for websites, and in the process of designing it so that it didn't add much latency, they inadvertently made it into a CDN that speeds things up. There. Now we all know what the trick is." - by Anubis IV (1279820) on Wednesday June 08, @12:56AM (#36371492)
The gains it offers in both speed, & security, are twofold:
---
FOR ADDED SPEED:
1.) Blocks out adbanners & the lag they introduce into webpage loads/downloads for consumption
2.) Hardcoding in your favorite website (to avoid DNS roundtrip lookup & result return time)
---
FOR ADDED SECURITY:
1.) Blocks out KNOWN malicious sites/servers/hosts-domain names
2.) Protection vs. DNS issues (such as the "Kaminsky flaw", or downed/compromised DNS servers that have been "redirect poisoned")
---
They work, they're free, and you can obtain one (or combine ALL of these, a db import of the file using a SELECT DISTINCT query can do it for example, as a way, or mvps.org offers a tool called HOSTSMAN that does it also (there are others like it as well, I designed one, & so have others)).
You already can do this yourself since any OS that uses a BSD derived IP stack already has one (even ANDROID phones), easily, & populate the custom HOSTS file yourself from the sources noted above!
(I consolidate them all into a single de-duplicated/normalized version, that which currently blocks out 1,429,303++ KNOWN bad sites/servers/hosts-domains, AND, speeds me up VERY noticeably (via blocking out adbanners, a possible threat for years now in malicious code in them & a bandwidth + speed hog OR, by 'hardcoding in' my favorite sites (to bypass DNS lookup & return roundtrip time) also))
APK
P.S.=> Here are some reputable, & reliable sources for said HOSTS file security data (as well as prebuilt HOSTS files for instant download & usage on your parts):
http://safeweb.norton.com/buzz
http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malwaredomains.com/
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://www.malware.com.br/lists.shtml
https://spyeyetracker.abuse.ch/monitor.php
https://zeustracker.abuse.ch/monitor.php?filter=online
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
... apk
-
My HOSTS updates "automagically" every 15 min.
Via a PyThon script, that does the following:
---
1.) Removes duplicates/normalizing the HOSTS file
2.) Alphabetizes it
3.) Changes the larger & slower 127.0.0.1 loopback adapter std. address MOST hosts files use typically, opting for the smaller & FASTER read in (and with no loopback, pure "blackholing" only) 0.0.0.0 address!
4.) It also removes any # comments that bloat hosts, along with "trailing nulls or blanks" many have that additionally bloat the HOSTS file.
---
Once she's read up into the DNS client cache (must turn this off for large ones like mine, currently @ 1,017,970++ entries strong), OR, into the local DISKCACHE (since it's just a filtering file for the IP Stack)?
She's fast as nobody's business!
APK
P.S.=> That's how I do it, & all that, & from these reputable & reliable sources for HOSTS file data vs. adbanners &/or KNOWN bad sites/servers/hosts-domain names:
http://www.malwaredomains.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
https://spyeyetracker.abuse.ch/monitor.php
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked): http://www.safer-networking.org/en/download/index.html
& it works... even many slashdotters use them, by the by, & my list of 20++ points in favor of HOSTS files quotes their results as well (for some "peer evidences" from the likes of your fellow posters on this website in fact, in addition to myself).
... apk
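The consolidation steps listed in the comment above (deduplicate, alphabetize, rewrite to 0.0.0.0, strip comments and trailing blanks), together with the dnsmasq aggregation mentioned in the first comment, as an added Python example; it is not the commenter's script. The feed contents are constructed samples, and dropping entries that map a name to a non-sink address is an assumption added here so that an upstream list cannot redirect a hostname.

```python
import re

# Addresses that upstream lists use to mean "block this name".
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "0", "::", "::1"}
# Names that must never be blackholed, even if a feed lists them.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
# One DNS label: letters, digits, hyphen (underscore tolerated), no edge hyphen.
_LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
_HOSTNAME = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def _looks_like_ip(token):
    """True for IPv4-looking tokens (digits and dots) and anything with a colon."""
    return bool(re.fullmatch(r"[0-9.]+", token)) or ":" in token


def parse_line(line):
    """Return the blockable hostnames on one feed line (hosts or bare-domain format)."""
    tokens = line.split("#", 1)[0].split()  # drop comments and surrounding blanks
    if not tokens:
        return []
    if _looks_like_ip(tokens[0]):
        # Hosts format. A feed entry pointing a name at a real address is a
        # redirect, not a block, so it is dropped rather than imported.
        if tokens[0] not in SINK_ADDRESSES:
            return []
        candidates = tokens[1:]
    else:
        candidates = tokens  # bare-domain ("justdomains"-style) list
    names = []
    for raw in candidates:
        name = raw.lower().rstrip(".")
        if name in PROTECTED or len(name) > 253 or not _HOSTNAME.match(name):
            continue
        names.append(name)
    return names


def consolidate(feeds):
    """Merge feed texts into a sorted list of unique hostnames."""
    unique = set()
    for text in feeds:
        for line in text.splitlines():  # handles both LF and CRLF feeds
            unique.update(parse_line(line))
    return sorted(unique)


def render_hosts(names, sink="0.0.0.0"):
    """Hosts-file output: one 'sink name' pair per line, no comments."""
    return "".join(f"{sink} {name}\n" for name in names)


def render_dnsmasq(names, sink="0.0.0.0"):
    """dnsmasq output; address=/name/ip also covers subdomains of name."""
    return "".join(f"address=/{name}/{sink}\n" for name in names)


# Constructed sample feeds (not taken from any of the listed sources).
SAMPLE_HOSTS_FEED = (
    "# constructed sample\r\n"
    "127.0.0.1 localhost\r\n"
    "127.0.0.1  Ads.Example.com   # banner server\r\n"
    "0.0.0.0 tracker.example.net tracker2.example.net\r\n"
    "203.0.113.7 bank.example.org\r\n"  # redirect entry: must be dropped
)
SAMPLE_DOMAIN_FEED = (
    "## justdomains-style list\n"
    "ads.example.com\n"
    "malware.example.org.\n"
    "not a valid line!!\n"
    "\n"
)

if __name__ == "__main__":
    merged = consolidate([SAMPLE_HOSTS_FEED, SAMPLE_DOMAIN_FEED])
    print(render_hosts(merged), end="")
    print(render_dnsmasq(merged), end="")
```
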
-
There's MANY valid sources you can use
http://www.malwaredomains.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
https://spyeyetracker.abuse.ch/monitor.php
http://hosts-file.net/?s=Download
http://www.malware.com.br/lists.shtml
http://someonewhocares.org/hosts/
http://www.mvps.org/winhelp2002/hosts.htm
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked) http://www.safer-networking.org/en/download/index.html
---
"You ARE a spamming nutbag" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage
Oh, really? Do you have your:
---
1.) A PHD in Psychiatry to your name/credit?
2.) A license to practice it professionally??
3.) Years-to-Decades of professional experience in the field of psychiatry???
4.) A formal examination of myself in a professional environs to make your "instant snap prognosis" of my alleged mental state according to you, the "/. SiDeWaLk PsYcHo-AnALySt"????
---
No to ALL/EACH of the above????? So much for THAT "ad hominem" effete attempt on your part directed MY way then, eh??????
I.E.-> You personally just don't have the credentials to make your assessments in calling me a nutbag, period. In fact, you're libelling me in doing so... don't you KNOW that?????? There's LAWS against it you fool!
Instead - Why don't you attempt to attack the 20 points in favor of HOSTS files I put out??????
---
Oh, that's right - YOU ALSO SAID THIS:
"although you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage
That's right I am RIGHT... always am!
APK
P.S.=> Take your pick... I just happen to consolidate them ALL, into 1 file here (via a PyThon script engine that does so every 15 minutes, removing duplicates/normalizing it, and alphabetically sorting them also, & changing the larger + slower 127.0.0.1 loopback address (slower due to loopback ops) to the faster & smaller + most compatible 0.0.0.0 blackhole address instead)... apk
-
Handy malware domains lists
I work in online advertising, specifically I look after a major UK publisher's adservers/ad-delivery. We use the following to keep an eye on identified malware delivering domains:
http://www.malwaredomainlist.com/mdl.php
http://www.malwaredomains.com/
http://www.malwareurl.com/
http://www.anti-malvertising.com/
-
Re:THANKS A LOT, "SECURITY"! FOR NOTHING!
Hi, You can visit http://malwaredomains.com/ and get the DNS/HOSTFILE blacklists and use them to prevent local machines from accessing these domains. Check my post here about this technique: http://extremesecurity.blogspot.com/2008/03/dns-redirection-techniques.html
Good Luck
extremeSecurity.blogspot.com