MalwarePatrol

This FAQ provides answers to the most frequently asked questions. Please read it and if you still have something to ask drop us a line.

1. How can I download URL block lists?
   

   You need to subscribe to one of our lists. This means you must choose which option best fulfill your needs and sign up for it. After signing up, you'll receive and email message with details on how to download the block lists.

2. Why do I need to subscribe?
   

   Since June/2005 we provide accurate and up to date block lists for users around the world. These lists help to block access to Malware and prevent end users' infections. During this time we relied on users' donations to pay for the hosting of servers, bandwidth and storage. Unfortunately, the volume of donations was insufficient.
   
   With this in mind and the desire to continue providing high quality lists of URLs, we decided to implement a subscription based system. We remain providing block lists free of charge but there is also a payed option now.
   
   Please visit our lists page for more details but basically all users are required to create an account, following a simple two steps subscription process. Users can choose to subscribe to our free lists, that are updated with a delay, or to the Fresh Lists that grants access to all list formats and is update every hour, as usual.
   
   Note that current users are required to subscribe. The current URL schema will be discontinued on Feb 1st 2010 when only subscribed users will be able to cotninue downloading our block lists.
   
   

3. I'm a frequent contributor, do I need to subscribe?
   

   If you are an active contributor to the Malware Patrol project, you may be granted free access to Fresh Lists, just drop us a line and we'll make the necessary arrangements. That is our way to thank you for contributing to our project.

4. How often are the lists updated?
   

   Every URL in our database is visited at least once a day. This way we can guarantee the lists are up to date. New URLs are visited no later then 1 hour after submission. It means that our database is continuously updated.

5. What is the Malware Block List?
   

   The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware.

6. What is a Malware?
   

   According to Wikipedia:
   "Malware is software designed to infiltrate or damage a computer system, without the owner's informed consent. The term is a portmanteau of "mal-" (or perhaps "malicious") and "software", and describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and some adware. In law, malware is sometimes known as a computer contaminant..." Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful bugs."

7. What are MBL Alerts?
   

   MBL Alerts are e-mail messages sent automatically when a new Malware is found online. These messages are sent to domain administrators and corresponding CSIRTs. Every MBL Alert has an unique ID that can be searched for more information on the Malware found. Please use the search field on the left side of every page.

8. How can I help this project?
   

   To help the Malware Block List you can:

   • Send all your Spam to: void@malware.com.br Every message sent to this address is automatically scanned to extract URLs, even obfuscated ones. The addresses are queued for later review for the presence of Malware.
   • Send suspect web addresses by e-mail to: void@malware.com.br or using our submission form.
   • If you are responsible for a domain or an ISP, setup a Spamtrap and redirect it to void@malware.com.br If you feel you'll be sending a massive amount of messages please contact us for special arrangements.
   • If you are a member of a CSIRT please contact us. We are having great results exchanging real time information with security groups around the world.
   • System maintenance and development requires time and money, if you are willing to donate money please contact us.
   • We have a press release that can be of use for media, please let us know if you are writing an article about us. We'll be glad to help with more information.
   • If you are willing to help in any other way, please let us know.
   
   
9. Why do you need Donations?
   

   The Malware Block List is a not-for-profit project and lists are freely available for non-comercial use. We make no money from this project and donations help us pay for server hosting and bandwidth.

10. What technology is used in this system?
    

    The whole system is composed of Open Source software. The engines and spiders are Perl scripts, the database is MySQL, the web server is Apache and the Operating System is Linux Slackware and FreeBSD. The only commercial software used is Kaspersky Anti Virus which was donated.

11. Can you send me your Malware samples?
    

    No! We do not send Malware colected on the Internet to anyone, please do not ask for it. If we find software we believe is Malware but no anti-virus detects it, we send the sample to trustworthy anti-virus vendors.

12. Can I get an unsanitized list of URLs?
    

    We do not make unsanitized URLs public. If you have a real need for it, please contact us. We exchange such lists with CSIRTs and known security groups.

13. Which URL extensions are automatically processed?
    

    The following extensions are automatically processed today. We have plans to process all URLs but hardware and bandwidth limitations make it impossible:
    

    ad, ade, adp, bas, bmp, cab, chm, cmd, com, cpl, crt, exe, hlp, inf, ins, isp, jar, lnk, msc, msi, msp, mst, pcd, pdf, pif, ppt, rar, reg, scr, sct, shb, shs, swf, url, vb, vbe, vbs, vss, vst, vsw, ws, wsc, wsf, wsh, zip, axs, lpk, ocx, rbx, vbd
    

    If you think some other extension should be included for any reason, please let us know.

14. Do I need a commercial license to use the Malware Patrol block lists in an ISP (Internet Service Provider) or an email hosting company?
    

    A commercial license is always needed when our lists are used on commercial products or for any commercial purpose. Therefore, the only type of ISP or email hosting provider that doesn't need a commercial license are those that provide services entirely free of charge for users. If you work for an ISP that uses our lists or wants to use them, please contact us to receive a commercial usage proposal.

Definitions of commonly used Malware terms (adapted from Wikipedia articles):

•   Adware: software with advertising functions integrated into or bundled with a program.


•   Antivirus: software that attempts to identify, neutralize or eliminate malicious software.


•   Backdoor: a hidden method for bypassing normal computer authentication systems.


•   Downloader: software that downloads and runs another software, usually a Malware.


•   Dropper: software that installs a Malware without being infectious itself.


•   Malware: any malicious software, eg: viruses, trojan horses, worms, etc.


•   Rootkit: a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers.


•   SPAM: unsolicited junk e-mail.


•   Spamtrap: an e-mail address that is created not for communication, but rather to lure spam. In order to prevent legitimate email from being invited, the e-mail address will typically only be published in a location hidden from view such that an automated e-mail address harvester (used by spammers) can find the email address, but no sender would be encouraged to send messages to the email address for any legitimate purpose.


•   Spyware: software that is installed surreptitiously on a computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.


•   Trojan: software which appears to perform a certain action but in fact performs another. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be acutely malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs.


•   Virus: computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.


•   Worm: malicious programs that copy themselves from system to system, rather than infiltrating legitimate files.