Sites with viruses, trojans, and other malicious content do not yet have their own category for domain tagging.

With the rise of sites hosted by the Storm Trojan, hosting Zlob fake codec trojans, and myriad other dangerous content, this tag seems like a valuable addition to the domain tagging category set.

Comments

written by Nat 633 days ago Rating: 6

written by Lee Jones 632 days ago Rating: 2

I've already suggested it... as a new category, but please do so as well. Also, see http://ideabank.opendns.com/story.php?title=Category_for_Advertisers_versus_AdwareMalware_sites

written by Skip 631 days ago Rating: 5

Agreed, also, the existing category adware really should be called malware, which might clear up some confusion as to people filling it with advertising websites.

written by Larry Gilbert 606 days ago Rating: -2

written by jul43 598 days ago Rating: 2

At best, it could include existing lists like:

http://malware.com.br/

http://www.malwaredomains.com/

written by verto8 594 days ago Rating: 1

Blocking malicious servers (as in host file) would just be perfect since it blocks most viruses/trojans/worms/spyware/adware/hijackers/dialers/riskware from a central access point (e.g. router) making life a ton easier for network admins and tremendously improving the surfing experience for the user by making it safer and more pleasant. Some recommendations below.

Host-File Like

http://www.mvps.org/winhelp2002/hosts.htm

http://hostsfile.mine.nu/downloads/

http://www.hosts-file.net/?s=Download

http://rlwpx.free.fr/WPFF/hosts.htm

ESPECIALLY THIS: http://rlwpx.free.fr/WPFF/hr.7z

Malicious-Traffic URL Blocking

as mentioned above by jul43

This would make OpenDNS irresistible for all types of admins. Thanks for an awesome service and keep up the great work!

written by mamazitta 590 days ago Rating: 5

You can't go dumping tens of thousands of entries from various hosts files that are around into OpenDNS. What category are you going to put them all into? How are you going to separate the hosts file entries into their proper categories? These hosts files contain sites with a large variety of categories. They are mostly ad serving and tracking sites, but there are also a lot of crapware, pr0n, sex, adult, and mix of a lot of other stuff in there. Just take a look and see for yourself. Just my opinion of course.

written by fastoffice 156 days ago Rating: 1

.

written by aladinonl 589 days ago Rating: 1

@mamazitta

Since those sites have malware spread meaning harmful for users, they should be blocked anyway. Of course we are not blindly blocking all the domains which occasionally contain malware b/c of users, but those with a significant amount of malware.

In fact, I think "adware" should change to "malware".

written by sparko 584 days ago Rating: 3

my thoughts:

Getting branded as a malware domain will tarnish that domain's reputation forever (or for quite a long time). I have a huge list of sites collected via the years... and have found that many of the earlier-listed domains have expired & were re-registered. From my point of view, tough luck for the current (and any future) owner of a "coolwebsearch" domain; that one, among many others, will remain on my blacklist forever.

Having tried various locally-implemented approaches to protecting users on our LAN, I've decided it's HUGELY futile to create an all-encompassing blocklist based on hostnames. The monkeyshite operators will clutter your list with myriad (bad997.site.com .. bad999999.site.com) hostnames. Also, with the ballooning number of TLDs, I've found that blocking monkeyshite.com +net +org is rarely enough these days; many operators are going all out, registering monkeyshite.tw +cz +in plus all the other various country code TLDs. So, I've resorted to using a blocklist based on "between-the-dots" pattern-matching.

In the absence of a "malware" category for tagging domains here, I have submitted relevant domains as "adware". Not only will various well-intended submitters have differences of opinion as to where the line should be drawn (advertising vs adware vs malware), MANY domains belong on multiple categorical blocklists (adult + advertising for instance).

WebOfTrust has an initiative underway to identify domains, categorically, via user-submitted ratings. They have a toolbar; Google shows a red/green/yellow "WOT donut icon" in its search result pages for sites which have been WOT-tagged, to users who have the WOT toolbar/plugin. OOPS! Wow is that system prone to poisoning! Reading their forums, it's clear that mis-informed (naive?) and/or biased users can poison the results -- both by placing a vote to defend an objectionable site and/or by "jumping on the bandwagon" to "punish" a domain owner who posts an objection to an unjust/unwarranted tagged status his domain has received. (For a prime example of this, find the "church guy" thread in the WOT forum.)

I worry that OpenDNS is inviting confusion by labeling hostname entries as "domains". Regardless of semantics:

Are they/we REALLY going to endlessly submit (and maintain) an infinite list of hostnames, like

haha999cant999catch999me.coolwebsearch.com

as each one appears? Better to agree upon some "threshold" number of "undesirable" hostnames (per domain) in advance, and block the entire domain once the operator has hailed from XX number of hostnames/subdomains of a given domain.
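The per-domain threshold and the "between-the-dots" matching described in the comment above, sketched as an added example that is not part of the original thread. The threshold of 3, the function names, the label `monkeybiz` and the sample hostnames (all under reserved TLDs) are assumptions made for illustration.

```python
from collections import defaultdict

THRESHOLD = 3  # assumed value for the comment's "XX" hostnames per domain

def registrable(host):
    # Simplification: last two labels. Real use needs the Public Suffix List
    # so that names under suffixes like co.uk are not merged together.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def collapse(reported, threshold=THRESHOLD):
    """Split reports into whole-domain blocks and leftover per-host blocks."""
    by_domain = defaultdict(set)
    for host in reported:
        host = host.lower().rstrip(".")
        by_domain[registrable(host)].add(host)
    domains, hosts = set(), set()
    for domain, names in by_domain.items():
        if len(names) >= threshold:
            domains.add(domain)   # enough distinct hostnames: block the domain
        else:
            hosts |= names        # below threshold: keep per-host entries
    return domains, hosts

def is_blocked(host, domains, hosts, labels=frozenset()):
    """Exact host, any name at or under a blocked domain, or a blocked label."""
    host = host.lower().rstrip(".")
    parts = host.split(".")
    if host in hosts:
        return True
    # Suffix match on label boundaries only, so "notbadsite" != "badsite".
    if any(".".join(parts[i:]) in domains for i in range(len(parts) - 1)):
        return True
    # "Between-the-dots": a label blocked under every TLD (never the TLD itself).
    return any(p in labels for p in parts[:-1])

# Constructed sample reports using reserved TLDs (not real indicators).
REPORTED = [
    "bad997.badsite.example", "bad998.badsite.example", "bad999.badsite.example",
    "ads.shop.example",
]
DOMAINS, HOSTS = collapse(REPORTED)
LABELS = frozenset({"monkeybiz"})  # hypothetical operator-chosen label

if __name__ == "__main__":
    for q in ["bad1000000.badsite.example", "www.shop.example",
              "monkeybiz.test", "x.monkeybiz.invalid", "notbadsite.example"]:
        print(q, is_blocked(q, DOMAINS, HOSTS, LABELS))
```

A blocked label matches under every TLD, so a common word used as a label would over-block; labels are best kept to distinctive, operator-reviewed strings.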

written by mamazitta 578 days ago Rating: 3

sparko

I agree with most of what you say. I too believe there should be another category "Malware" in addition to "Adware". Most of these things are definitely harmful and damaging to computers and should be blocked however possible. I too have submitted a few malware sites into the adware category for lack of any other place to put them.

Here are definitions from wiki. They are different:

Adware: http://en.wikipedia.org/wiki/Adware

Select item 2 in Contents to show some top adware pushers.

Malware: http://en.wikipedia.org/wiki/Malware

This category is much more dangerous than Adware. This includes malicious stuff like worms, viruses, trojans, rootkits, spyware, and other wonderful things nobody wants or needs. A highly desired category that will be beneficial to all for blocking.

Let's hope it gets up and running soon.

written by apluswebmaster 557 days ago Rating: 2

See:

ShadowServer

- http://www.shadowserver.org/wiki/

Internet Storm Center

- http://isc.sans.org/diaryarchive.html

F-secure weblog

- http://www.f-secure.com/weblog/

.

written by brewt 557 days ago Rating: 2

I definitely want to avoid squabbling over how bad adware has to be before it is considered malware.

For this reason, the "malware" tag should encompass a clearly distinct category of sites.

Perhaps the tag can be named "viruses/malware" or something similar to emphasize how distinct it is from regular adware/spyware.

This would cover not only viruses, but also worms, trojan horses, rootkits, exploits, rogue antivirus/antispyware, redirection sites, etc.

written by ldillon 4 hours ago Rating: 0

It looks like OpenDNS is dragging their feet on this because they want to offer something similar in their enterprise (pay) version. I hope I'm wrong about this.

