RHenningsgard
Are there any real-time blacklists of adware/spyware distribution sites?
I want to write a passive "infected machine detector" which will sniff network traffic and identify machines on my LAN that are infested with adware or spyware. I aim to sniff all DNS resolutions, cache the results, and then use a blacklist lookup to tie resolved IP addresses to the bad guy sites.
I know there are a number of realtime black lists for spam-forwarding mail servers. Is there anything like that for servers used for disseminating adware/spyware apps, or catching uploaded spyware data?
I'll award the full 500 for a slam-dunk answer, somewhat less for research suggestions (I'm wasting too much time doing research, and not getting very far).
Rob---
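A sketch of the detector described in the question above, added here as an example and not code from anyone in this thread: it parses sniffed DNS response payloads, caches which address each LAN client resolved, and checks the name against a blocklist. The blocklist entry, the sample packet and the names `Detector`, `on_dns_response` and `on_flow` are all constructed or hypothetical; capturing the packets themselves is left to whatever sniffer feeds it.

```python
import ipaddress, struct

BLOCKLIST = {"badware.example"}  # constructed entry, stands in for a real list
# Constructed DNS response: ads.badware.example A 203.0.113.7 (answer name compressed)
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
          b"\x03ads\x07badware\x07example\x00\x00\x01\x00\x01"
          b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xcb\x00\x71\x07")

def read_name(msg, off):  # decode the DNS name at off -> (name, offset after it)
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                   # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:                      # hostile packets can loop pointers
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels).lower(), off + 1 if end is None else end
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def a_records(msg):  # -> (queried name, [IPv4 answers]) for a DNS response payload
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qd != 1:          # not a response with one question
        return None, []
    qname, off = read_name(msg, 12)
    off, ips = off + 4, []                     # skip QTYPE and QCLASS
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record
            ips.append(str(ipaddress.IPv4Address(msg[off + 10:off + 14])))
        off += 10 + rdlen
    return qname, ips

class Detector:
    def __init__(self, blocklist):
        self.blocklist, self.cache = blocklist, {}
    def listed(self, name):                    # match the name or any parent domain
        parts = name.split(".")
        return any(".".join(parts[i:]) in self.blocklist for i in range(len(parts)))
    def on_dns_response(self, client, msg):    # cache what each LAN client resolved
        name, ips = a_records(msg)
        self.cache.update({(client, ip): name for ip in ips})
        return name if name and self.listed(name) else None
    def on_flow(self, client, dst_ip):         # later traffic to a cached address
        name = self.cache.get((client, dst_ip))
        return name if name and self.listed(name) else None
```

Truncated or malformed payloads raise `IndexError`, `struct.error` or `ValueError` here; a long-running sniffer would catch those per packet and move on.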
ASKER
Well, I've found some additional resources, but you guys got me on to useful tracks, so I'll split the points and close the question. Thanks!
Thank you too.
Zee
ASKER
blue_zee, the rogue_anti-spyware.htm page is indeed very interesting. It'll provide me a good source of malware products to test in my sandbox.
Y'know, if there's not a killer malware site list out there like the email black hole lists, maybe I'll have to start one...
Anybody else got any malware-perpetrator site lists?