Blocking malware URL lookup using BIND

babu dheen babudheen at yahoo.co.in
Tue Oct 25 09:03:12 UTC 2011


Dear All,
 
 We are seeing huge number of malware request going to malware domains performed by some malware infected clients. 
 
 All malware infected clients are trying to reach below URL . We would like to know how we can block if any dns query come to *****.-0-0-0-0-0-0-0-0-0-0.info domain, should be redirected to 127.0.01.
 
 Sample malware domains
 
 2-4-z-g-0-9-4-3-4-8-p-5-r-i-f-3-0-b-3-y-5-a-8-e-0-y-z-s-0-7-q-.0-0-0-0-0-0-0-0-0-0-0-0-0-21-0-0-0-0-0-0-0-0-0-0-0-0-0.info
 
u-r-k-w-5-b-s-7-m-2-p-s-n-j-2-7-3-3-1-q-2-0-i-5-g-9-1-i-0-p-7-.0-0-0-0-0-0-0-0-0-0-0-0-0-41-0-0-0-0-0-0-0-0-0-0-0-0-0.info
 
9-9-e-d-p-b-2-e-r-c-7-1-3-p-v-5-0-b-3-1-1-n-3-h-4-9-i-6-1-r-7-.0-0-0-0-0-0-0-0-0-0-0-0-0-6-0-0-0-0-0-0-0-0-0-0-0-0-0.info
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20111025/dba99e37/attachment.html>


More information about the bind-users mailing list