Just How Many Ransomware Web Sites Are There?

Discussion in 'malware problems & news' started by itman, Jul 25, 2016.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I use this web site's URL blacklist and load it into Eset's web filter: http://ransomwaretracker.abuse.ch/blocklist/ . This site's blacklists are updated every 5 mins.. Most recent URL blacklist download(today) showed 1435 URLs.

    Interestingly, I have been using this blacklist for a while and never received a block alert from Eset. I also just click away when it comes to accessing web sites.
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Thanks for link to blacklist. What do you use on a desktop to download and update automatically?
     
  3. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    I have these lists in uBlockO, extra protection for very little extra overhead.
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Is that in a browser?
     
  5. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Yes!!
     
  6. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    thanks for the link. I will also add to my eset's web filter.
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Thanks! Added to uMatrix.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Lists are display in a browser web page as text upon download. Just copy web page details and save in notepad as a .txt file removing any comment lines. I then just import the .txt file to a user list I created in Eset's web filter.

    If your security solution only allows importing in hosts file format, you would have to add a 0.0.0.0 prefix so each line entry appears as "0.0.0.0 www.xxxxxxx.com" less the quotes. Note that a space exists between 0.0.0.0 and the URL. As an alternative, you can also just add above to your OS hosts file if your security solution doesn't allow URL additions.
     
  9. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I am using agnitums outpost firewall and hope to add it to the "ip blocklist" it has for adding single urls manually.
    Hopefully i can import it instead.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Too much hassle for too little protection. Don't mind but for me who even doesn't use an AV, it is totally waste of time in my opinion.
     
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    No joy importing just a blank list.

    Tried editing the my current manual one and the ransomware sites are not picked up.
    I guess someone else will have to look at this as its beyond my capability for now.
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I believe the Outpost list is for IP addresses only? So you would have to download the corresponding IP address list from the above posted link.

    Also, Outpost IP blocking list import might require the file to be in hosts file format as I noted previously; I know Emsisoft requires this. When I have to add a 0.0.0.0 prefix, I just use Excel and dup the 0.0.0.0 I entered in the first row of the column I inserted preceding the existing IP address column into all the remaining rows.
     
  13. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I tried the iP address version as well but still imports as blank.
     
  14. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I don't know if it's really worth the effort. On the other hand, it's a breeze to add those 3 lists to uMatrix or uBlock Origin. And I noticed that in uMatrix nearly all of their entries are used - i.e. there are practically no duplicates in the other hosts files. So why not use them ...
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Using this Wilders thread as reference: https://www.wilderssecurity.com/threads/ip-blocklist-for-outpost-firewall-update.234095/ appears Outpost has some convoluted way of importing an IP blocklist. Also appears this download might not even work anymore since OP is no longer supported.

    Appears this downloaded Outpost IP block list is in some special format. So don't know if IPs could be added to it prior to importing into Outpost. Also it appears the import is a total replace of anything in the existing Outpost IP block list?
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    If these lists are being updated every 5 minutes, one can't keep manually adding the latest additions to their security solution of choice unless the lists will then be updated automatically after first import. Does that happen?
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    If you're referring to the Eset web filter lists, those are all static and have to be manually updated by the user. I just delete what is in my custom ransonware list and import the latest URL download from the web site. If you import the latest download on top of the existing Eset list, I believe you will end up with duplicates.

    You could do the above procedure once a day or week or whenever. Whatever you're comfortable with.

    I just checked the latest URL on the web site and over 300 new URLs added in a couple of days .......... Yikes!
     
  18. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Yes i used the URL list instead in the site blocking tab so seems to be okay now.
    thanks for the help
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.