
A block list of known URLs and domain names associated with Coronavirus-themed scams, phishing attacks and malware threats has been released by the COVID-19 Cyber Threat Coalition.

The coalition is an international organization that was established towards the end of March 2020 to disseminate information about new threats attempting to exploit the Coronavirus pandemic.

The COVID-19 Cyber Threat Coalition is made up of leaders from the cybersecurity sector, major enterprises, cyber intelligence firms and antivirus vendors who use the information gathered to protect companies, customers, government and healthcare organizations from online attacks.

Blocklists released to protect enterprises and consumers

As part of this initiative, the group has created two blocklists containing URLs or domain names believed to be associated with attacks on healthcare, government, and business organizations or linked to Coronavirus-inspired scams, phishing attacks, and malware.

The URL blocklist currently consists of 13,863 malicious URLs that have been seen in attacks, and the domain blocklist now contains 12,258 malicious domains and hostnames.

Current URL blocklist


Both consumers and businesses can use these blocklists in locally operated DNS sinkhole solutions like Pi-hole, feed them into firewalls or protected gateways, or use them in other security solutions.

Local users wishing to use the domain blocklist to cover a single machine may also convert it to a HOSTS file by simply adding 127.0.0.1 in front of each hostname, as shown below.

Converted into a HOSTS file

This will create a 452 KB file with the current list of domains, which will cause performance problems in Windows 10.
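The conversion described above, as an added Python example that is not part of the original article or the coalition's tooling. It goes one step further than prepending 127.0.0.1 by treating the downloaded list as untrusted input: each entry is validated as a hostname, duplicates are dropped, and names such as localhost are never sinkholed. It assumes the domain blocklist is plain text with one hostname per line; the function names and the protected-name set are assumptions, and the sample entries are constructed.

```python
import re

# One DNS label: 1-63 chars of a-z, 0-9 or hyphen, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Names that must never be sinkholed even if a bad feed lists them (assumed set).
_PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}


def normalize_hostname(raw):
    """Return a lowercase hostname, or None if the entry is not usable."""
    entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
    if not entry or len(entry) > 253 or entry in _PROTECTED:
        return None
    labels = entry.split(".")
    # At least two labels and a non-numeric last label: rejects bare IPv4 addresses.
    if len(labels) < 2 or labels[-1].isdigit():
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None
    return entry


def to_hosts(blocklist_text, sink="127.0.0.1"):
    """Return (hosts_lines, rejected_entries) for a one-hostname-per-line list."""
    seen, hosts, rejected = set(), [], []
    for line in blocklist_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or full-line comment
        host = normalize_hostname(line)
        if host is None:
            rejected.append(line.strip())
        elif host not in seen:  # drop duplicates, keep first-seen order
            seen.add(host)
            hosts.append(f"{sink} {host}")
    return hosts, rejected

# Constructed sample input; not entries from the coalition's list.
SAMPLE = """# constructed sample feed
covid-relief.example
COVID-Relief.example.
mask-shop.example  # trailing comment
localhost
203.0.113.7
bad host.example
"""

if __name__ == "__main__":
    lines, skipped = to_hosts(SAMPLE)
    print("\n".join(lines + [f"# rejected: {skipped}"]))
```

Reviewing the rejected entries on each refresh is a cheap way to notice when the feed format changes or a download was truncated or tampered with.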

If you’re building a HOSTS file from these blocklists, let us know how it goes and whether you see any performance problems.

If you use these blocklists to improve your protection, be sure to update them at least twice a day, as both of them are updated every 10 minutes.