July 4th, 2009 by Steven Adair
Just put up a new post on the Shadowserver page on July 4th/Independence day spam campaign activity.. it includes several new domains:
Domains:
4thfirework.com
biumer.com
entrank.com
fireholiday.com
fireworksholiday.com
fireworksnetwork.com
fireworkspoint.com
freeindependence.com
gemells.com
handyphoneworld.com
happyindependence.com
holidayfirework.com
holidaysfirework.com
holifireworks.com
interactiveindependence.com
miosmschat.com
movie4thjuly.com
moviefireworks.com
movieindependence.com
movies4thjuly.com
moviesfireworks.com
moviesindependence.com
outdoorindependence.com
smophi.com
superhandycap.com
thehandygal.com
video4thjuly.com
videoindependence.com
yourhandyhome.com
yusitymp.com
The page links to Jeremy @ sudosecure.net’s write-up as it already has good details on the campaign.
Steven
Posted in Waledac, Malware, Botnets, Spam | No Comments »
February 10th, 2009 by Steven Adair
Just a quick post on some of the newer Waledac domains. The following were registered on February 4, 2009:
adoresong.com
alldatanow.com
alldataworld.com
bestlovehelp.com
cantlosedata.com
chatloveonline.com
cherishletter.com
cherishpoems.com
freedoconline.com
losenowfast.com
lovecentralonline.com
lovelifeportal.com
mingwater.com
theworldpool.com
wagerpond.com
whocherish.com
worldlovelife.com
worshiplove.com
yourdatabank.com
yourteamdoc.com
These have been updated and added to the list on the Shadowserver site at:
http://www.shadowserver.org/wiki/uploads/Calendar/waledac_domains.txt
Steven
Posted in Waledac, Malware, Storm Worm | No Comments »
January 24th, 2009 by Steven Adair
Got the full list also being updated and posted on the Shadowserver website at the following URL:
http://www.shadowserver.org/wiki/uploads/Calendar/waledac_domains.txt
However, just wanted to reiterate to people that you should block all of these domains:
Registered January 23, 2009:
adorelyric.com
adorepoem.com
adoresongs.com
bestadore.com
bestlovelong.com
funloveonline.com
youradore.com
yourgreatlove.com
Registered January 19, 2009:
bestgoodnews.com
goodnewsdigital.com
goodnewsreview.com
linkworldnews.com
reportradio.com
spacemynews.com
wapcitynews.com
worldnewsdot.com
worldnewseye.com
worldtracknews.com
Registered January 15, 2009:
bestbarack.com
bestbaracksite.com
bestobamadirect.com
expowale.com
greatbarackguide.com
greatobamaguide.com
greatobamaonline.com
jobarack.com
superobamadirect.com
superobamaonline.com
thebaracksite.com
topwale.com
waledirekt.com
waleonline.com
waleprojekt.com
Older:
bestchristmascard.com
bestmirabella.com
bestyearcard.com
blackchristmascard.com
cardnewyear.com
cheapdecember.com
christmaslightsnow.com
decemberchristmas.com
directchristmasgift.com
eternalgreetingcard.com
freechristmassite.com
freechristmasworld.com
freedecember.com
funnychristmasguide.com
greatmirabellasite.com
greetingcardcalendar.com
greetingcardgarb.com
greetingguide.com
greetingsupersite.com
holidayxmas.com
itsfatherchristmas.com
justchristmasgift.com
lifegreetingcard.com
livechristmascard.com
livechristmasgift.com
mirabellaclub.com
mirabellamotors.com
mirabellanews.com
mirabellaonline.com
newlifeyearsite.com
newmediayearguide.com
newyearcardcompany.com
newyearcardfree.com
newyearcardonline.com
newyearcardservice.com
smartcardgreeting.com
superchristmasday.com
superchristmaslights.com
superyearcard.com
themirabelladirect.com
themirabellaguide.com
themirabellahome.com
topgreetingsite.com
whitewhitechristmas.com
worldgreetingcard.com
yourchristmaslights.com
yourdecember.com
yourmirabelladirect.com
yourregards.com
youryearcard.com
Waledac Exploit Domain List:
googol-analisys.com
seocom.name
seocom.mobi
seofon.net
—-
Also, if you are interested in all things Waledac (omghi2u!), check our Jeremy’s Waledac tracker here:
http://sudosecure.net/waledac/
Posted in Malware, Waledac, Exploits, Botnets, Spam, Storm Worm | No Comments »
