[nsp-sec] New Feed: Malware URLs

Stephen Gill gillsr at cymru.com
Thu May 8 16:45:45 EDT 2008


The nature of the beast with malware URLs is that a large percentage of them
may very well be compromised sites so the traditional sense of "validity" is
vastly decreased. Any legitimate site can become a malware URL hoster - a
classic example was the Super Bowl series, or the government sites used as a
convincer for IRS spear phishing. We do not offer a separate list of known
bad actors that just don't seem to go away, etc.

> Next if we wished to selectively block sites on this list but didn't
> charge our customers for this "service" do I still need written
> permission? 

That seems reasonable - let's call this the written permission ;).

Cheers,
-- steve

>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
>> Stephen Gill
>> Sent: Thursday, May 08, 2008 10:40 AM
>> To: nsp-security NSP
>> Subject: [nsp-sec] New Feed: Malware URLs
>> 
>> ----------- nsp-security Confidential --------
>> 
>> Hi Team,
>> 
>> We are very pleased to announce a new feed available for
>> nsp-sec use!  This
>> feed is a summary of malware URLs we've uncovered and vetted using a
>> combination of AV engines where at least one AV engine has
>> tagged it as
>> malicious.  It includes data that is fed into ASN Alerts
>> minus URLs that we
>> are not permitted to share.
>> 
>> The feed will be updated at 24 hour intervals and will
>> include a summary of
>> all of the URLs from the past day.  The format of the file
>> will be in our
>> standard pipe delimited output with the following columns:
>> 
>> # ASN | Description                    | IP              | Date       | URL
>> 
>> Please point your browsers to the following address in order
>> to download the
>> new feed using your nsp-sec username and password:
>> 
>>     URL:    https://www.cymru.com/nsp-sec/MalwareURL/
>> 
>> PLEASE NOTE: This feed is for non-commercial use ONLY.   If you are
>> interested in including this in a product set or through
>> customer services
>> you MUST obtain our written permission to do so.
>> 
>> If you have forgotten or need to reset your nsp-sec mailing list
>> login and password, you'll find a handy reset tool at the bottom of
>> the following page:
>> 
>>     URL:   https://puck.nether.net/mailman/listinfo/nsp-security
>>  
>> As always we remain keenly interested in any and all
>> suggestions, feedback, and reports of false positives.
>> Please send those to <team-cymru at cymru.com>.
>> 
>> -- 
>> Stephen Gill, Chief Scientist, Team Cymru
>> http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com

-- 
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
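
Added example (not part of the original message and not Team Cymru code): a parser for the pipe-delimited column layout quoted above, which rejects malformed rows and groups hosting sites by ASN for notification. The sample rows are constructed from documentation ranges, and the ISO date form and all function names are assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample rows (documentation ASNs, IPs and domains); not real feed data.
# The date format is an assumption: the message only names the column "Date".
SAMPLE_FEED = """\
# ASN | Description                    | IP              | Date       | URL
64496 | EXAMPLE-NET-A                  | 192.0.2.10      | 2008-05-08 | http://shop.example.com/images/a.exe
64496 | EXAMPLE-NET-A                  | 192.0.2.10      | 2008-05-08 | http://shop.example.com/x.php?a=1|b=2
64511 | EXAMPLE-NET-B                  | 198.51.100.7    | 2008-05-08 | http://www.example.org/update.scr
not a feed line
64511 | EXAMPLE-NET-B                  | 999.1.1.1       | 2008-05-08 | http://bad.example.net/
"""

def parse_feed(text):
    """Return (records, rejected). The URL is the last column, so split at
    most four times to keep a literal '|' inside a URL intact."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # header / comment rows
            continue
        parts = [p.strip() for p in line.split("|", 4)]
        try:
            if len(parts) != 5:
                raise ValueError("expected 5 columns")
            asn, desc, ip, date, url = parts
            rec = {"asn": int(asn), "description": desc,
                   "ip": str(ipaddress.ip_address(ip)),  # raises on bad IPs
                   "date": date, "url": url,
                   "host": urlsplit(url).hostname}
            if not rec["host"]:
                raise ValueError("URL has no host")
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        records.append(rec)
    return records, rejected

def hosts_by_asn(records):
    """Map each ASN to the sorted set of hostnames seen serving listed URLs."""
    out = defaultdict(set)
    for r in records:
        out[r["asn"]].add(r["host"])
    return {asn: sorted(hosts) for asn, hosts in out.items()}

def defang(url):
    """Make a URL non-clickable before pasting it into tickets or e-mail."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")
```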