Are there any real-time blacklists of adware/spyware distribution sites?

I want to write a passive "infected machine detector" which will sniff network traffic and identify machines on my LAN that are infested with adware or spyware.  I aim to sniff all DNS resolutions, cache the results, and then use a blacklist lookup to tie resolved IP addresses to the bad guy sites.

I know there are a number of realtime black lists for spam-forwarding mail servers.  Is there anything like that for servers used for disseminating adware/spyware apps, or catching uploaded spyware data?

I'll award the full 500 for a slam-dunk answer, somewhat less for research suggestions (I'm wasting too much time doing research, and not getting very far).

Rob---


RHenningsgard Asked:

cwkhang Commented:
0

blue_zee Commented:

Not exactly what you want/need, but surely useful:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Zee
0
RHenningsgard (Author) Commented:
cwkhang, the hosts.zip file from http://www.mvps.org/winhelp2002/hosts.htm is in the ballpark, because it specifically identifies adware, "parasite", and trojan sources.  I can certainly write a parser that'll strip out the annoying but innocent banner ad sites, and distill the list down to only malware distributors.  If this is the best source I can find, it'll be far better than nothing.

blue_zee, the rogue_anti-spyware.htm page is indeed very interesting.  It'll provide me a good source of malware products to test in my sandbox.

Y'know, if there's not a killer malware site list out there like the email black hole lists, maybe I'll have to start one...

Anybody else got any malware-perpetrator site lists?
0
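
An added example, not code from any participant in this thread: it distills a hosts-format blocklist down to malware-category entries and ties observed DNS resolutions back to LAN clients, as the question and the reply above describe. The bracketed category tags in the comments, the sample hostnames, the IP addresses and all function names are constructed assumptions; adjust the tag pattern to whatever the list you download actually uses.

```python
import re
# Constructed hosts-format sample; the bracketed category tags are an assumed convention.
SAMPLE_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  banners.ads-example.test      #[Banner.Ads]
127.0.0.1  dl.adware-example.test        #[Adware.Installer]
0.0.0.0    update.parasite-example.test  #[Parasite.Updater]
127.0.0.1  c2.trojan-example.test        #[Trojan.Dropper]
"""

# Constructed DNS observations: (LAN client, queried name, resolved IP).
SAMPLE_DNS = [
    ("192.168.1.20", "www.example.org", "203.0.113.10"),
    ("192.168.1.31", "DL.adware-example.test.", "198.51.100.7"),
    ("192.168.1.20", "banners.ads-example.test", "198.51.100.8"),
    ("192.168.1.44", "cdn.c2.trojan-example.test", "198.51.100.9"),
]

MALWARE_TAGS = re.compile(r"adware|parasite|trojan", re.IGNORECASE)
def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

def parse_hosts(text, keep=MALWARE_TAGS):
    """Return {hostname: tag} for entries whose trailing comment matches `keep`."""
    blocked = {}
    for line in text.splitlines():
        entry, _, comment = line.partition("#")
        fields = entry.split()
        if len(fields) < 2 or not keep.search(comment):
            continue  # blank, comment-only, untagged, or banner-only entry
        for host in fields[1:]:
            blocked[normalize(host)] = comment.strip()
    return blocked

def match(name, blocked):
    """Return the blocklisted name matching `name` or one of its parent domains."""
    labels = normalize(name).split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        if ".".join(labels[i:]) in blocked:
            return ".".join(labels[i:])
    return None

def flag_clients(dns_events, blocked):
    """Map each LAN client to the resolved IPs of blocklisted names it looked up."""
    hits = {}
    for client, qname, resolved in dns_events:
        if match(qname, blocked):
            hits.setdefault(client, set()).add(resolved)
    return hits
```

The resolved-IP sets returned by `flag_clients` are the cache the question describes: later traffic from a client to one of those addresses can be attributed to the blocklisted name.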
RHenningsgard (Author) Commented:
Well, I've found some additional resources, but you guys got me on to useful tracks, so I'll split the points and close the question.  Thanks!
0
blue_zee Commented:

Thank you too.

Zee
0