Blocking malicious sites with Adblock Plus · 2008-07-03 11:48 by Wladimir Palant
Note: Sorry, comments are closed now (2010-09-28). While it is great that lifehacker decided to mention my two years old blog post, I don’t really feel like reading comments from people who didn’t bother to read my blog post. If you need some info on Malware Domains list or want to comment on it — malwaredomains.com is where you should go. If you want to comment on the lifehacker article — please do so on lifehacker.com.
I was reading about yet another wave of attacks exploiting a Flash vulnerability. It turned out that the Flash vulnerability used was already fixed but that doesn’t really matter — Adobe seems incapable of updating users to a secure Flash version in a timely fashion. So Firefox users were at risk here as well, and the continuing waves of SQL Injection attacks inserting malicious iframes into trusted websites didn’t exactly make the situation better.
Yet the domains participating in the attacks are known, so there must be a way to block them. Of course I checked the malware filter in Firefox 3 first, yet it didn’t recognize the sites as malicious. It might have been that the sites were too new, yet the information on Google for some of the older domains indicated that these have been scanned and nothing objectionable could be found. Not sure what Google’s scans look at, but I guess they simply have a different focus — the idea is to block sites the user might go to unintentionally rather than malicious Flash objects that could be easily served with ads for example.
I searched for other lists of malicious domains and quickly found one aggregating multiple sources of information including Dancho Danchev’s blog posts I linked to above. The list is mainly meant for DNS servers, but why not try to use it in Adblock Plus? The script to convert the list was easily written, discussing the matter with the author of the list and finding hosting for the Adblock Plus filter subscription took somewhat longer — but now it is all done.
Using this filter subscription will also require 20 MB more memory and up to 25 MB download bandwidth per month. I’ll continue working on performance optimizations, but if you can live with the performance cost and want to try it already: click here to subscribe to the list in Adblock Plus (listed on the usual list of filter subscriptions as well of course).
Commenting is closed for this article.