Monday, 10 October 2011
Some TDL/TDSS rootkit sites to block
22.214.171.124/24 is a Romanian host called Eurolan Solutions SRL; I've had this blocked for months with no ill effects. 126.96.36.199/16 is Petersburg Internet Network Ltd in Russia; the whole /16 is sparsely populated and blocking it would probably do no harm. 188.8.131.52/22 is the Latvian host RN Data SIA, and given that Latvian hosts are such a sewer, blocking the /22 is probably also a good idea.
As for 184.108.40.206 (OTEL, Bulgaria), there appear to be a few malware servers in 220.127.116.11/23 mixed with several legitimate sites. 18.104.22.168, 22.214.171.124 and 126.96.36.199 also appear to be malicious. Blocking 188.8.131.52/28 should filter out the bad sites without blocking good ones.
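The trade-off described above (a sparse /16 can be blocked whole, while a /23 that mixes malware with legitimate sites is better narrowed to a /28) can be worked out mechanically. The following is an added example, not part of the original post: it uses the post's three CIDR blocks as a blocklist, computes the smallest CIDR covering a set of malicious addresses, counts how many unrelated addresses that range drags in, and matches constructed firewall log lines against the blocklist. The malicious addresses and log lines are constructed sample data (documentation ranges), not indicators from the post.

```python
import ipaddress

# Blocklist taken from the post's CIDR ranges.
BLOCKLIST = [
    ipaddress.ip_network("22.214.171.124/24", strict=False),
    ipaddress.ip_network("126.96.36.199/16", strict=False),
    ipaddress.ip_network("188.8.131.52/22", strict=False),
]

# Constructed sample: a handful of malicious hosts inside a larger, mostly
# legitimate range (documentation addresses, not indicators from the post).
BAD_IPS = ["203.0.113.5", "203.0.113.9", "203.0.113.14"]

# Constructed sample firewall log lines (not from the post).
LOG_LINES = [
    "2011-10-10T09:12:01 src=22.214.171.9 dst=10.0.0.5 GET /index.php",
    "2011-10-10T09:12:07 src=192.0.2.44 dst=10.0.0.5 GET /about",
    "2011-10-10T09:12:13 src=126.96.200.7 dst=10.0.0.5 POST /update",
]


def smallest_covering_network(ips):
    """Return the smallest single CIDR block containing every address in ips."""
    hosts = [ipaddress.ip_network(ip) for ip in ips]  # each becomes a /32
    net = hosts[0]
    # Widen one bit at a time until every malicious host falls inside.
    while not all(h.subnet_of(net) for h in hosts):
        net = net.supernet()
    return net


def collateral(net, bad_ips):
    """Addresses inside net that are NOT on the malicious list (collateral damage)."""
    return net.num_addresses - len(set(bad_ips))


def is_blocked(ip, blocklist=BLOCKLIST):
    """True if ip falls inside any blocklisted CIDR."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocklist)


def blocked_sources(lines, blocklist=BLOCKLIST):
    """Source IPs from 'src=' fields of log lines that hit the blocklist."""
    hits = []
    for line in lines:
        for tok in line.split():
            if tok.startswith("src=") and is_blocked(tok[4:], blocklist):
                hits.append(tok[4:])
    return hits
```

Running `smallest_covering_network(BAD_IPS)` gives a /28 with 13 bystander addresses, whereas blocking the surrounding /23 would take 509 unrelated addresses down with it.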
The following domains are associated with these IPs; if you can't block by IP, blocking these might be a good idea: