News

08 Sep 08
The SpamAssassin and Postfix lists were slightly changed according to users' suggestions for improvements. We are also working hard on even more crawlling features and since late August we are monitoring additional mailing lists for suspect URLs.

02 Sep 08
We added SWF (Shockwave) to our list of dangerous file extensions. Feel free to report any links to malicious swf files.

15 Aug 08
In a quick poll ours users decided that the Malware Block List should change its name to Malware Patrol. Thanks for voting, we registered the .net, .org and .com.br domains and will start using then soon.

01 Jun 08
We proudly announce that FRISK donated one year of their Anti-Virus product, F-Prot, that is now being used by our automated engines. Our special thanks for their support to this project.

15 May 08
Some users are experiencing DNS problems since this morning. This is because one of our Service Providers restored a Virtual Server from an old snapshot with outdated DNS information. That server, which works as DNS and URL extractor, is now back to its current state. We sincerely apologize for the inconvenience.

14 May 08
We are proud to announce that since April/08 our list of URLs is been included in the PH list of SURBL. It is a great achievement having our data included in one of the largest RBLs out there.

For more news click here.

The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware. The list is available in 29 formats. If you need other format please let us know

This service is provided freely, for non-commercial use, and is the result of a community effort. Our frequent contributors include CSIRTs, security groups, universities, security professionals and regular users around the world.

You also can contribute to the Malware Block List by filling the form below or sending suspect e-mail messages to void@malware.com.br.

If you are an end user and just want to find out how to protect yourself from Malware, ask your Internet Service Provider to use some sort of e-mail and web access filters, otherwise read our quick HowTos for softwares like Squid, SpamAssassin and ClamAV.

Your use of this web site constitutes your agreement to all Terms and Conditions. If you want to use the block lists available here in a commercial product please contact us for licensing information.

Goals

This project has the following goals:

To make available for free a centralized and automatically updated list of URLs that point to Malware. These lists can be used by system/network administrators to block user access to infected addresses. With the access blocked the risk of users getting infected by viruses is greatly reduced.
To enable users and administrators to easily contribute to the Malware Block List including new URLs suspected of pointing to Malware.
To alert administrators of hosts, domains and ASs for the presence of Malware. Administrators are urged to removed the Malware found and to investigate the criminal activity that may be under way.
To consolidate statistics about Viruses, Trojans and Worms that are at large.
To list domains that host Malware.

Malware

Keeping it simple, Malware is a generic term used to describe any malicious software, eg: viruses, trojan horses, worms, etc.

Contribute

The contribution and usage of the Malware Block List are free for non-commercial use. To produce a list as accurate as possible we need contributors who submit suspect URLs received in e-mail messages. All URLs are inspected by our automated system and added to the list if a Malware is found.

You can send suspect e-mail messages to the address: void@malware.com.br or fill the following form. To send your links using the form, please follow these simple steps:

Fill the form below with your e-mail address and suspect URL(s)
You will receive an e-mail message pointing to a validation URL. This link must be accessed to verify that your e-mail address is valid. Validation is required to prevent the system from being abused.
As soon as you validate your address, all URLs you submitted will be visited and analyzed by our detection system to determine if the link points to Malware or not.
Crawling results will be sent to you by e-mail.
You will be notified by e-mail of the crawlling results.
Every URL pointing to Malware is included in the lists

To keep the lists up to date, all URLs are visited, at least, daily and a new analysis is performed. If the Malware is not available anymore, the URL is marked as inactive and removed from the block lists. URLs marked as inactive or not found are visited daily too to make sure they don't get active again.

Addresses that point to files with extensions considered "non-dangerous" are not visited by the automated system. This render this site useless for attacking innocent web addresses. URL redirects are followed and checked.

Please fill the following form to contribute to the Malware Block List:

Block Lists

Malware Block Lists are available for non-commercial use in several formats:

	Regular List	Aggressive List
BIND like DNS Servers	N/A	Download
ClamAV Virus DB (basic)	Download	Download
ClamAV Virus DB (ext)	Download	Download
DansGuardian	Download	N/A
Firekeeper 0.2.9 or newer	Testing	Testing
Hosts file - 127.0.0.1	N/A	Download
Hosts file - 127.0.0.3	N/A	Download
Hosts file - 0.0.0.0	N/A	Download
Hosts file - MacOS pre OS-X	N/A	Testing
MailWasher block filters	Download	N/A
MaraDNS - CVS2	N/A	Download
MD5/SHA-1 hashes	Testing	N/A
Microsoft DNS Server	N/A	Testing
Mozilla cookie filtering	N/A	Download
Mozilla Firefox AdBlock	Download	Soon
Plain text	Download	Download
Postfix MTA	Download	N/A
SmoothWall	Download	N/A
SpamAssassin	Download	N/A
Squid Web Proxy ACL	Download	Download
SquidGuard	Download	N/A
Symantec Security for SMTP	Download	N/A
Symantec WebSecurity	Download	N/A
XML	Download	Soon

Regular lists include URLs with directories (ex: http://www.foo.bar/dir).
Aggressive lists block the entire domain that hosts malware (ex: http://www.foo.bar).

HowTo use the Malware Block List on Postfix;
HowTo use the Malware Block List on Squid;
HowTo use the Malware Block List on SquidGuard;
HowTo use the Malware Block List on SpamAssassin;
HowTo use the Malware Block List on MailWasher;
HowTo use the Malware Block List on ClamAV (basic format);
HowTo use the Malware Block List on Microsoft DNS Servers;
Download mbl.zone.file for Bind like DNS Servers;

AV Checking

All files downloaded from submitted URLs are checked using Kaspersky Anti-Virus and F-Prot Anti-Virus. Our special thanks to Kaspersky Lab and FRISK for donating annual licenses of their great Anti-Virus.