
Thursday, 29 November 2012

Vobfus sites to block

These domains and sites appear to be connected to the Vobfus worm, hosted on 222.186.36.108 (Chinanet Jiangsu Province Network). There seems to be quite a bit of this worm about at the moment (auto translated).

This is a short list of domains to block (scroll down to the bottom for more details), all of which appear to be directly connected to the Vobfus worm:


zdns.eu and ddns1.eu are Dynamic DNS services provided by another party not directly connected to the worm. I recommend you block access to them anyway (more on this at a later date).

The following list is of domains that share nameservers with the Vobfus domains. You can make a decision if you want to do anything about these on your own network.


Not resolving
(Yes, some of these are listed elsewhere. The spreadsheet below will make it a little more clear, I hope)

An expanded list of sites with WOT ratings can be found here if you want to poke around at them.
