Updated every hour
Online since 06/2005 - 7.000.000 hits/month
Last database update: 2014-10-31 02:30 UTC
FAQ - Frequently Asked Questions
This FAQ provides answers to the most frequently asked questions. Please read it and if you still have something to ask drop us a line.
- How often are the lists updated?
Every URL in our database is visited at least once a day. This way we can guarantee the lists are up to date. New URLs are visited no later then 1 hour after submission. It means that our database is continuously updated.
- What is the Malware Block List?
The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware.
- What is a Malware?
According to Wikipedia:
"Malware is software designed to infiltrate or damage a computer system, without the owner's informed consent. The term is a portmanteau of "mal-" (or perhaps "malicious") and "software", and describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and some adware. In law, malware is sometimes known as a computer contaminant..." Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful bugs."
- What are MBL Alerts?
MBL Alerts are e-mail messages sent automatically when a new Malware is found online. These messages are sent to domain administrators and corresponding CSIRTs. Every MBL Alert has an unique ID that can be searched for more information on the Malware found. Please use the search field on the left side of every page.
- How can I help this project?
To help the Malware Block List you can:
- Send all your Spam to: firstname.lastname@example.org Every message sent to this address is automatically scanned to extract URLs, even obfuscated ones. The addresses are queued for later review for the presence of Malware.
- Send suspect web addresses by e-mail to: email@example.com or using our submission form.
- If you are responsible for a domain or an ISP, setup a Spamtrap and redirect it to firstname.lastname@example.org If you feel you'll be sending a massive amount of messages please contact us for special arrangements.
- If you are a member of a CSIRT please contact us. We are having great results exchanging real time information with security groups around the world.
- System maintenance and development requires time and money, if you are willing to donate money please contact us.
- We have a press release that can be of use for media, please let us know if you are writing an article about us. We'll be glad to help with more information.
- If you are willing to help in any other way, please let us know.
- Why do you need Donations?
The Malware Block List is a not-for-profit project and lists are freely available for non-comercial use. We make no money from this project and donations help us pay for server hosting and bandwidth.
- What technology is used in this system?
The whole system is composed of Open Source software. The engines and spiders are Perl scripts, the database is MySQL, the web server is Apache and the Operating System is Linux Slackware and FreeBSD. The only commercial software used is Kaspersky Anti Virus which was donated.
- Can you send me your Malware samples?
No! We do not send Malware colected on the Internet to anyone, please do not ask for it. If we find software we believe is Malware but no anti-virus detects it, we send the sample to trustworthy anti-virus vendors.
- Can I get an unsanitized list of URLs?
We do not make unsanitized URLs public. If you have a real need for it, please contact us. We exchange such lists with CSIRTs and known security groups.
- Which URL extensions are automatically processed?
The following extensions are automatically processed today. We have plans to process all URLs but hardware and bandwidth limitations make it impossible:
ad, ade, adp, bas, bmp, cab, chm, cmd, com, cpl, crt, exe, hlp, inf, ins, isp, jar, lnk, msc, msi, msp, mst, pcd, pdf, pif, ppt, rar, reg, scr, sct, shb, shs, swf, url, vb, vbe, vbs, vss, vst, vsw, ws, wsc, wsf, wsh, zip, axs, lpk, ocx, rbx, vbd
If you think some other extension should be included for any reason, please let us know.
- Do I need a commercial license to use the Malware Patrol block lists in an ISP (Internet Service Provider) or an email hosting company?
A commercial license is always needed when our lists are used on commercial products or for any commercial purpose. Therefore, the only type of ISP or email hosting provider that doesn't need a commercial license are those that provide services entirely free of charge for users. If you work for an ISP that uses our lists or wants to use them, please contact us to receive a commercial usage proposal.
How to use the block lists?
Most commonly, our block lists are used on servers running software like Squid or SpamAssassin. A command line, like the following, is the best way to download a block list:
/usr/bin/wget --no-check-certificate -O /tmp/mbl.txt '_URL_'
_URL_ can be obtained from the list of malware block lists above, just right click the appropriate "download" link and then "Copy Link Location" - this is your _URL_.
it is important to notice that _URL_ should be enclosed on single quotes, like in the example command line, otherwise it won't work.
there is no need to provive "--user" and "--password" options to wget, only the _URL_ copied as previously described.
this example command line will save your block list to '/tmp/mbl.txt', it can be adjusted to your environment.
other software like curl can be used to download block lists, this is just an example.
we suggest you add the download command line as a cron job set to run every hour.
if you have any questions or experience difficulties, don't hesitate in contacting us for support.
You can contact us at the following addresses:
To send suspect e-mails and URLs: email@example.com
For tech support and questions related to your account: support (_a_t_) malwarepatrol.net
To report false positives or list problems: fp (_a_t_) malwarepatrol.net
For commercial inquiries, please contact: commercial (_a_t_) malwarepatrol.net
Glossary of Terms
Definitions of commonly used Malware terms (adapted from Wikipedia articles):
- Adware: software with advertising functions integrated into or bundled with a program.
- Antivirus: software that attempts to identify, neutralize or eliminate malicious software.
- Backdoor: a hidden method for bypassing normal computer authentication systems.
- Downloader: software that downloads and runs another software, usually a Malware.
- Dropper: software that installs a Malware without being infectious itself.
- Malware: any malicious software, eg: viruses, trojan horses, worms, etc.
- Rootkit: a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers.
- SPAM: unsolicited junk e-mail.
- Spamtrap: an e-mail address that is created not for communication, but rather to lure spam. In order to prevent legitimate email from being invited, the e-mail address will typically only be published in a location hidden from view such that an automated e-mail address harvester (used by spammers) can find the email address, but no sender would be encouraged to send messages to the email address for any legitimate purpose.
- Spyware: software that is installed surreptitiously on a computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
- Trojan: software which appears to perform a certain action but in fact performs another. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be acutely malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs.
- Virus: computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.
- Worm: malicious programs that copy themselves from system to system, rather than infiltrating legitimate files.