RHenningsgard asked:

Are there any real-time blacklists of adware/spyware distribution sites?

I want to write a passive "infected machine detector" which will sniff network traffic and identify machines on my LAN that are infested with adware or spyware.  I aim to sniff all DNS resolutions, cache the results, and then use a blacklist lookup to tie resolved IP addresses to the bad guy sites.

I know there are a number of realtime black lists for spam-forwarding mail servers.  Is there anything like that for servers used for disseminating adware/spyware apps, or catching uploaded spyware data?

I'll award the full 500 for a slam-dunk answer, somewhat less for research suggestions (I'm wasting too much time doing research, and not getting very far).

Rob---


RHenningsgard (ASKER)

cwkhang, the hosts.zip file from http://www.mvps.org/winhelp2002/hosts.htm is in the ballpark, because it specifically identifies adware, "parasite", and trojan sources.  I can certainly write a parser that'll strip out the annoying but innocent banner ad sites, and distill the list down to only malware distributors.  If this is the best source I can find, it'll be far better than nothing.

blue_zee, the rogue_anti-spyware.htm page is indeed very interesting.  It'll provide me a good source of malware products to test in my sandbox.

Y'know, if there's not a killer malware site list out there like the email black hole lists, maybe I'll have to start one...

Anybody else got any malware-perpetrator site lists?
Well, I've found some additional resources, but you guys got me on to useful tracks, so I'll split the points and close the question.  Thanks!

Thank you too.

Zee
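
The approach discussed in this thread (distill a hosts-format list down to its malware entries, then match sniffed DNS resolutions against it and cache the resolved IPs) can be sketched as follows. This is an added example, not code from any poster; the list contents, the DNS records and the `#[Category]` tag style are constructed assumptions, not the documented format of the MVPS file.

```python
# Constructed hosts-format sample; the "#[Category]" tags are an assumed annotation style.
SAMPLE_HOSTS = """\
# constructed sample, not real list content
127.0.0.1  localhost
127.0.0.1  ads.banner-example.test      #[Banner]
127.0.0.1  dl.adware-example.test       #[Adware]
0.0.0.0    drop.trojan-example.test     #[Trojan]
"""

# Constructed DNS answers as a passive sniffer would record them: (client, qname, resolved IP).
SAMPLE_DNS = [
    ("192.168.1.20", "www.example.test.", "203.0.113.10"),
    ("192.168.1.31", "DL.Adware-Example.test.", "198.51.100.7"),
    ("192.168.1.31", "cdn.drop.trojan-example.test", "198.51.100.9"),
    ("192.168.1.44", "ads.banner-example.test", "198.51.100.3"),
]
MALWARE_TAGS = {"adware", "parasite", "trojan"}  # categories kept; banner-ad entries are dropped

def parse_hosts(text, keep=MALWARE_TAGS):
    """Return {hostname: category} for sinkholed entries whose tag is in `keep`."""
    entries = {}
    for line in text.splitlines():
        body, _, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2 or fields[0] not in ("127.0.0.1", "0.0.0.0"):
            continue
        tag = comment.strip().strip("[]").lower()
        if tag in keep:
            for name in fields[1:]:
                entries[name.lower().rstrip(".")] = tag
    return entries

def match(qname, blocklist):
    """Return the listed name matching qname or one of its parent domains, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):      # stop before the bare TLD
        cand = ".".join(labels[i:])
        if cand in blocklist:
            return cand
    return None

def flag_clients(dns_records, blocklist):
    """Return ({client: [(listed name, category)]}, {resolved IP: listed name})."""
    hits, bad_ips = {}, {}
    for client, qname, ip in dns_records:
        entry = match(qname, blocklist)
        if entry:
            hits.setdefault(client, []).append((entry, blocklist[entry]))
            bad_ips[ip] = entry           # cache so later traffic to this IP can be attributed
    return hits, bad_ips
```

Matching parent domains is a detection choice that goes beyond a hosts file's exact-name semantics; drop the loop in `match` if only exact names should count.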