Monday, 10 October 2011
Some TDL/TDSS rootkit sites to block
184.108.40.206/24 is a Romanian host called Eurolan Solutions SRL; I've had this blocked for months with no ill effects. 220.127.116.11/16 is Petersburg Internet Network Ltd in Russia; the whole /16 is sparsely populated and blocking that would probably do no harm. 18.104.22.168/22 is Latvian host RN Data SIA; given that Latvian hosts are such a sewer, blocking the /22 is probably also a good idea.
As for 22.214.171.124 (OTEL, Bulgaria), there appear to be a few malware servers in 126.96.36.199/23 mixed with several legitimate sites. 188.8.131.52, 184.108.40.206 and 220.127.116.11 also appear to be malicious. Blocking 18.104.22.168/28 should filter out the bad sites without blocking good ones.
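The reasoning above (pick the narrowest prefix that covers the bad servers, then check it against known legitimate hosts in the wider range) can be scripted. This is an added example, not part of the original post: the function names are hypothetical and the addresses are constructed from the RFC 5737 documentation range, not taken from the hosts discussed here.

```python
import ipaddress

def covering_block(ips):
    """Smallest single CIDR prefix containing every address in ips."""
    addrs = [ipaddress.ip_address(a) for a in ips]
    lo, hi = min(addrs), max(addrs)
    net = ipaddress.ip_network(f"{lo}/{lo.max_prefixlen}")
    while hi not in net:  # widen one bit at a time until the highest address fits
        net = net.supernet()
    return net

def collateral(block, good_ips):
    """Known-legitimate addresses that blocking `block` would also cut off."""
    hits = sorted(ipaddress.ip_address(g) for g in good_ips)
    return [str(g) for g in hits if g in block]

def block_plan(bad_ips, good_ips):
    """Tightest prefixes that cover all of bad_ips and none of good_ips."""
    bad = [ipaddress.ip_address(a) for a in bad_ips]
    good = [ipaddress.ip_address(a) for a in good_ips]

    def split(net):
        inside = [a for a in bad if a in net]
        if not inside:
            return []  # nothing malicious in this half, leave it alone
        if not any(g in net for g in good):
            return [covering_block(inside)]  # clean of good hosts: tighten and block
        if net.prefixlen == net.max_prefixlen:
            raise ValueError(f"{net} is listed as both bad and good")
        # Bad and good hosts are mixed: split in two and examine each half.
        return [p for half in net.subnets() for p in split(half)]

    return split(covering_block(bad))

# Constructed sample data (RFC 5737 documentation addresses, assumptions only).
BAD = ["198.51.100.3", "198.51.100.9", "198.51.100.14"]
GOOD = ["198.51.100.80", "198.51.101.20"]

if __name__ == "__main__":
    wide = ipaddress.ip_network("198.51.100.0/23")
    print("collateral if the whole /23 is blocked:", collateral(wide, GOOD))
    print("suggested blocks:", [str(n) for n in block_plan(BAD, GOOD)])
```

When a legitimate host sits between two malicious ones, `block_plan` returns several narrower prefixes instead of one block.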
The following domains are associated with these IPs. If you can't block by IP, then blocking these might be a good idea: