MalwarePatrol

  Malware is everywhere!
Updated every hour
Online since 06/2005 - 7.000.000 hits/month
Last database update: 2014-09-30 22:30 UTC
    

Search MBL#:    

Bookmark and Share

News


09 Sep 14:

A Malware Patrol block List downloader script is available. Please log in using your e-mail address and receipt and you'll find the script and some instruction at the 'How to use the block lists?' section. Let us know if you encounter any difficulties.


07 Jul 14:

We are now monitoring more than 2 million malicious URLs to protect you from malware infections. Systems are deployed on cloud servers to make it all work and there is continued research to produce better threat intelligence and protection products.


25 Apr 14:

New features, spamtraps, data exchange agreements and bug fixes were put in place two weeks ago, resulting in a strong growth in our data feeds / block lists. We're very happy with the expansion in our detection capabilities, enabling us to provide an even better protection against malware infections.


14 Mar 14:

Keep suspicious URLs coming to void@malware.com.br . We'll not accept submissions via the online form anymore starting today.


24 Feb 14:

We are happy to announce the availability of block lists of CryptoLocker command and control domains and IP addresses. If the ransomware can't access its servers, it won't be able to encrypt the victim's files and ask for a ransom.


10 Feb 14:

Services will be unavailable for 30 minutes on Feb 13th, from 2:00 to 3:00AM GMT, when our hosting provider will perform server maintenance.


31 Dec 13:

We wish you an awesome 2014! Thank you for supporting us in 2013. It is also a good time to celebrate we are monitoring more than 1 million suspicious URLs and helping prevent malware infection around the world.


08 Oct 13:

According to previous announcements, access to block lists without authentication was disabled. Users are advised to subscribe to our Premium or Free block lists to continue using our data feeds.


30 Sep 13:

Old users (those that don't supply credentials to download lists) are advised to create a subscription account very soon. The old download system will be discontinued on Oct/7th. Users with subscription accounts don't need to worry.


26 Aug 13:

We are very excited to announce important improvements in our site. Now users can choose between our widely used Free block lists and the new Premium block lists that include additional formats, MD5 hashes for integrity checking and updates every hour. Subscribe now.


08 May 13:

We are investigating the recent instability in our service and there are reasons to believe a faulty host server was causing network problems. Our back-end server was migrated to another box and the kernel was upgraded. We apologize for any inconvenience and expect to have the problem fixed now.


20 Mar 13:

The upgrade of the back-end server was completed successfully. This should improve stability and performance of our services.


05 Jan 13:

The Malware Patrol project is now fully accessible via IPv6!


20 Dec 12:

We would like to thank Kaspersky for supporting our project for another year. Their great anti-virus product plays an important role in our malware confirmation system.


10 Dec 12:

A server failure caused disruption in our services this last weekend. The problem was fixed this morning. Thanks for your comprehension.


31 Oct 12:

Our system erroneously marked more than 19k old URLs as new and started sending confirmation messages to contributors. We sincerely apologize for the inconvenience this caused. All URLs were set to their previous statuses and the cause of the error is under investigation.


21 May 12:

A denial of service attack coming from the static.gvt.net.br network caused slowness and unavailability periods today. We apologize for the inconvenience. No data was lost and all services are operating as expected.


04 May 12:

We are pleased to announce that our data is now included in the URL analysis engine of Virus Total. The information produced by the Malware Patrol project is helping VT users determine the reputation of suspect addresses.


22 Oct 11:

For the first time in six years, our main server was shutdown by the hosting provider because of an abuse complain. A large ISP reported it's IP address accessing a server used by the Zeus trojan. It took some time to have the service restored. Obviously, this access was our crawler reviewing URLs and not a malicious activity. We strongly apologize for the inconvenience caused.


09 Aug 11:

For the first time in six years, our main server was shutdown by the hosting provider because of an abuse complain. A large ISP reported it's IP address accessing a server used by the Zeus trojan. It took some time to have the service restored. Obviously, this access was our crawler reviewing URLs and not a malicious activity. We strongly apologize for the inconvenience caused.


09 Aug 11:

Some users reported trouble accessing one of our domains, malware.com.br. It happened after a server reboot last Sunday night. The issue was fixed and all services are working regularly.


26 May 11:

We faced a problem that prevented some users from downloading our lists during the last many days. The issue, caused by external factors, should now be fixed. We sincerely apologize for any problems this may have caused.


17 Feb 10:

For a few days, we are experiencing server instability. We are currently investigating the causes and making the required adjustments to get the service stable again. We apologize for the inconvenience.


08 Feb 10: A database table corruption put block list downloads unavailable for 15 minutes this afternoon. The table is now repaired and no data was lost. We apologize for any inconvenience this may have caused.


30 Dec 09:
We're done with all server migrations. All updates and crawlers must be back to their regular schedules in the next few days.


21 Oct 09:
We'll start some server migrations that should not impact users. Please let us know in case of problems and also, keep URLs comming!


06 Aug 09:
We found that the bogons list of our DNS servers was outdated, therefore denying access from recently allocated IP ranges. Configs fixed.


08 Jul 09:
We included 5 file extensions to our monitoring system to catch the 0-day that is been used to exploit Windows XP users.


18 May 09:
Today we faced two problems that adversely impacted our users: an unexpected reboot of a database server caused some URLs to change status to "new"; later we had DNS problems in the malware.com.br zone. We sincerily apologize for the trouble this may have caused and assure users that we are working to provide the best service possible. If you still face any problems, please let us know.


03 Apr 09:
There is a 0-day exploit around for PowerPoint files, therefore we are adding ppt to our list of dangerous extensions.


12 Mar 09:
We are now on Twitter. Follow us there and keep up to date with news from the Malware Patrol team.


11 Mar 09:
Some users reported a problem with the Bind list. This issue was confirmed and corrected, it was a minor bug in the list generation code. We thank all users who reported this matter and hope to keep receiving your feedback.


06 Mar 09:
We are pleased to announce we grabbed the malwarepatrol.com domain a few days ago. This establishes an even stronger presence for the Malware Patrol on the web. Enjoy and keep malicious URLs coming!


02 Feb 09 - Update:
today our Data Center is having a bad time keeping our servers reachable. Earlier today they mistakenly suspended our service, suposedly because of an AUP violation that never happened. It took then more than 7 hour to have it back online. A couple of hour ago they rebooted our servers without any notice or reason. We are really sorry for the inconvenience. Work is under way to stabilze the service and refresh our database.


21 Jan 09
A DDoS attack targeted our web servers earlier this week. Fortunately it is over now and all operations are back to normal.


09 Dec 08
We are receiving complains about blocking the site mte.gov.br - Ministerio do Trabalho e Emprego do Brasil. Unfortunately this domain is not blocked by mistake, it is actively hosting a Malware. For more information, please visit MBL #66539.


09 Nov 08
A major hardware failure in the Data Center that hosts some of our servers, got the web site unavailable for some time during this weekend. Everything is up and running again, no data was lost and now we are rebuilding our database of URLs. We strongly apologize for any inconvenience the downtime may have caused. Please let us know if you find any problems.


26 Oct 08
After more than three years of the Malware Block List project we have a new web site and a new name. We are now the Malware Patrol - www.malwarepatrol.net. Our Block Lists are available at the same addresses. New features and services are under development. We hope you like this new look&feel. Please let us know if you have any trouble using our new web site. Our special thanks to all friends who helped during the development stage.


21 Oct 09
We'll start some server migrations that should not impact users. Please let us know in case of problems and also, k eep URLs comming!


08 Sep 09
The SpamAssassin and Postfix lists were slightly changed according to users' suggestions for improvements. We are also working hard on even more crawlling features and since late August we are monitoring additional mailing lists for suspect URLs.


02 Sep 08
We added SWF (Shockwave) to our list of dangerous file extensions. Feel free to report any links to malicious swf files.


15 Aug 08
In a quick poll ours users decided that the Malware Block List shoul d change its name to Malware Patrol. Thanks for voting, we registered the .n et, .org and .com.br domains and will start using then soon.


01 Jun 08
We proudly announce that FRISK donated one year of their Anti-Virus product, F-Prot, that is now being used by our automated engines. Our special thanks for their support to this project.


15 May 08
Some users are experiencing DNS problems since this morning. This is because on e of our Service Providers restored a Virtual Server from an old snapshot with outdated DNS in formation. That server, which works as DNS and URL extractor, is now back to its current state . We sincerely apologize for the inconvenience.


14 May 08
We are proud to announce that since April/08 our list of URLs is been included in the PH list of SURBL. It is a great achievement having our data included in one of the largest RBLs out there.


17 Apr 08
For the third year Kaspersky d onated an 1 year license of their great Anti-Virus for Linux File Servers. We greatly appreci ate their contribution and continued support to our project and hope to keep cooperating with then. Their software plays an important role in our daily fight against the Malware thread.


03 Feb 08
We moved to a new web server today with faster CPU and more bandwidth. H opefully nothing was left behind and nobody noticed the move. Please let us know if you have any trouble. Have fun!


02 Feb 08
Yesterday our main web server suffered of extremely slow I/Os for more then 10 hours. Our service provider took too much time but early today noved us to a new server and the problem is gone. Apologies for the inconveniece.


08 Dec 07
For two and a half years we ran almost without downtimes, but today a major network outage at a Gnax Data Center put our service unreachable for hours. We feel this is unacceptable and a new server in another Data Center is been installed to provide redundancy. We apologize for the inconvenience and urge users to keep sending suspect URLs and to donate helping us pay for server hosting and bandwidth.
Update at 0600UTC: We finally have everything up online. Crawlers are also running again. Thanks for the patience and support.


28 Nov 07
A power outage caused a network disruption rendering 2 of our servers unreachable. It took two hours for our Data Center to fix the problem. We apologize for the inconvenience.


30 Oct 07
According to CVE-2007-5020, specially crafted PDF files that exploit vulnerabilities to download Malware, are actively been included in SPAM messages, therefore we are including PDF to our list of verified extensions.


24 Oct 07
We suffered a DoS attack that caused a very high load in our servers today. New security measures are implemented trying to prevent future attacks. We apologize for the inconvenience.


29 Sep 07
We added the .bmp to the list of extensions verified by our system as the MIRT team informed us that trojans are hidden inside bitmaps.


11 Sep 07
A hard drive crash put our lists inacessible for a couple of hours today. The problem is solved now. We apologize for the inconvenience.


01 Jul 07
We learned that some contributors are using our hosts list with MaraDNS - "A security-aware DNS server". The format used by MaraDNS is called CSV2 and is similar to Hosts. We created a new list for MaraDNS, please test it and let us know the results.


30 Jun 07
Due to a Data Center move from our Service Provider this site will be unavailable starting July 1th 2007 04:00 GMT for 3-4 hours. We apologize for any troubles this may cause, but it is a required move forced upon us.


24 Apr 07
Today one of our engines just got crazy and by mistake sent e-mail messages to some users. The problem is already corrected. We apologize for the inconvenience.


15 Apr 07
One of our users asked for a list of Malware hashes. It is useful for comparing with hashes of e-mail attachments. Please test it and let us know.


09 Apr 07
We are excited to announce the inclusion of a FreeBSD server dedicated to crawling. This will enable us to grab URLs from more sources without compromising the quality of our lists. Each in every URL in our database is checked daily to make sure its status didn't changed. This keeps our data as fresh as possible. Let's 'crawl'!!!


06 Apr 07
We are proud to announce the availability of testing block lists to Firekeeper. This is a Firefox extension that works like a Intrusion Detection and Prevention System. Please test it and let us know the results.


11 Mar 07
A bug was found in our engines when archives contain multiple infected files. The engines were fixed and some URLs revisited. Soon we will start showing multiple infections in the Malware details page.


09 Mar 07
We are pround to announce that Kaspersky donated us a license for another year of their Anti-Virus product. Its been nice working with Kaspersky. It is now perfectly integrated into our automated engines. Thanks for helping our project.


26 Dec 06
Next Thursday, 29/Dec/2006 at 0000UTC, services will be unavailable for about 15 minutes for server maintenance. We apologize for the inconvenience.


17 Dec 06
Donations are now accepted. You can use your PayPal account or Credit Card. Please Donate and help us block and remove Malware from the Internet.


04 Dec 06
Today we had a 20 minute outage caused by a server reboot. Reasons are still unclear but we expect to have details from our Service Provider soon. No submitted URLs were lost. We apologize for the inconvenience.


12 Nov 06
We noticed that several Phishing Scams are using URL redirects evading Anti-Spam regex that look for file extensions. To catch Malware hidden behind redirects we are checking and following multiple levels of redirects.

Some of the block lists that were in testing mode are now considered production. We are also planning to start a DNS "RBL like" list. Stay tunned for news soon.


30 Sep 06
It was a busy month and we have 6 new lists for testing. Keep in mind that, for now, these lists are for testing purposes only. Please send us your feedback.

We also have some new graphs in the stats page showing statistics on the last 180 days.


08 Sep 06
We have some new stuff on the Stats page. Have a look on the Malware found link.

Some other new stuff are on the way, including IODEF lists and automated information on new Malware found.


20 Aug 06
A minor bug in the URL processing system was reported by a contributor and fixed. The list of processed URL extensions is posted in the FAQ.


02 Aug 06
A problem in the Alert system put the main server load too high (>80.00) two times today, during these periods users experienced problems acessing MBL lists. It took us a while to figure this out but everything should be fine by now. We apologize for any inconvenience caused.


17 Jun 06
We made some minor corrections to ClamAV lists and now they are considered in production. Please let us know if you experience any problem.

Our thanks to ClamAV users who contributed to the creation and tests of these lists.


20 May 06
A search engine is now available on the left side menu. If you get one of our alert e-mail messages, fill the form with the MBL# and get full information about the URL and Malware hosted.


19 May 06
We are experiencing some high server load related to daily crawling. The appropriate measures are under way to avoid this problem. We apologize for any inconvenience caused.


22 Apr 06
We reviewed all list creation algorithms to avoid short-length URLs and duplicates (even when they were valid). Thanks for all the reports on list problems. Please let us know if you have any trouble using the MBLs.


15 Apr 06
The migration to the new server07 is completed with almost no downtime. Hopefully nothing was left behind. Please let us know if you experience any difficulties.

This new server has more CPU, memory and runs MySQL 5.0 which will help serving lists and pages faster. Enjoy!


12 Apr 06
The Malware Block List will be moved to a new server until Easter. Please be advised that some instability may occur during this period but we are working to keep it minimum. We apologize for any inconvenience. Running this new server we'll be able to serve lists quicker and add new services to the MBL.


10 Mar 06
A power failure on JVDS got this server down for more than 1 hour. Our understanding is that power failures are not acceptable on professional Data Centers. We hope JVDS will give us further information about this issue and work to avoid future problems.

We sincerely apologise for any inconvenience caused.


03 Mar 06
By popular demand we have an XML block list for testing. This list has a lot of information about infected URLs, including: ASN, ASN data, date of inclusion and Malware found. Please send us feedback.


24 Feb 06
We have a testing version of a block list to Mozilla Adblock Plugin. Please give it a try and let us know your results.


23 Feb 06
The Postfix MTA block list is set as production. New lists will be available soon.


09 Feb 06
We have a testing version of a block list to Postfix MTA. Please give it a try and let us know your results. With user feedback we can fix eventual problems and have a stable list faster.

If you use any product that can work with block lists and we still don't have one formated to it, please let us know.


05 Feb 06
Now you can find a list of ASNs that host malware in the Stats page.


31 Jan 06
The Malware Block List has new Terms and Conditions of use. Please READ the new terms, to be made effective as of 10/feb/06. If you have any question about those terms, please contact us.


29 Jan 06
I'm excited to announce that all crawlling is now multi-threaded which means that for a considerable amount of time we can garantee that all listed URLs are visited at least once a day.

We are also running Apache2.2 + mod_perl which should speed things up.


20 Jan 06
There are some new features on the way for next weeks. Right now multi threading is what I need to work on as crawlling time is getting too long.

Also, I want to thank Jeff Santana for taking care of these servers while I was on vacations. Good job.


13 Dec 05
The MBL works on DansGuardian and SmoothWall. Please let us know if you have any trouble using it.


07 Dec 05
MBL now monitors some newsgroups where spam/email abuse in general is reported.


28 Nov 05
The block list is available for SquidGuard. Agressive lists are still under test, please send us feedback.


20 Nov 05
Agressive block lists are under tests now. Some general list corrections are under way too.


16 Nov 05
FortressITX, the ISP that hosts this server, will be conducting network maintenance on Friday, November 18, starting at 12:00 AM EDT until 02:00 AM EDT. This will involve an estimated 5 minutes of downtime. We apologize for the inconvenience.


20 Oct 05
The issues regarding more then one malware hosted on the same URL directory have being fixed. Duplicates are still shown on reports where it makes sense to do so.


19 Oct 05
The list is being update every 1 hour now. Please keep URLs comming.


19 Sep 05
From today on all MBL lists are available under the Free Documentation License from GNU.org


18 Sep 05
Please update your block lists at most every 2 hours as its not updated more often then this (except on special circunstances). This way our server load keeps low and you'll be up-to-date.


05 Sep 05
Now you can contribute to the list by sending suspect messages to: void@malware.com.br.


01 Sep 05
A block list prepared for SpamAssassin is available. Please test it and let us know your results.


21 Ago 05
The Malware Block List now runs at: www.malware.com.br. Feel free to use any of the addresses as they will coexist.


20 Ago 05
The web site is completely translated to english.


19 Ago 05
A new way to report Malware URLs is being developed. Soon you'll be able to redirect suspect e-mail messages to us and all checking will be done automagically. Stay tunned.


04 Ago 05
The virus scanning is now performed using Jotti's AV engine. With that, 14 anti-virus are used to checked the downloaded files and the malware is redistributed to all those vendors. Thanks to Jordi Bosveld for allowing its usage.


02 Ago 05
The Malware Block List web site is being translated to english. Please allow a couple of days until everything gets translated and double checked.


27 Jul 05
A lista de Malware agora é atualizada a cada 4 horas.


25 Jul 05
Lista preparada para uso no Squid agora formatada com expressões regulares.


07 Jul 05
Primeira versão do Malware Block List disponível para uso gratuito.

Our Stats

New/Queued: 584/8

Blocked: 95,645

Dangerous: 2,428,670

Recent Malware detected

Follow us on Twitter!

Follow the MalwarePatrol on Twitter for more news

Ads by Google



Our thanks to