Malware Patrol’s #1 goal is to protect customers from malware and ransomware infections. These days, this can mean blocking mainstream domains. Consequently, our customers report potential false positives for sites like docs(.)google(.)com, drive(.)google(.)com, dropbox(.)com and github(.)com. Systems like Google Docs serve files from their root directories. This forces some block list formats to then block the entire domain, frustrating users.
Sadly, these popular websites host more malware than ever. It is not that their companies don’t try to prevent such threats. They have their valuable reputations to protect. The problem is that there’s a certain amount of time between the upload of files and the detection of malicious behaviors. Attackers exploit this window of opportunity to distribute their campaigns and infect users.
It’s Called Reputation-Jacking
Using trusted domains to host malicious content has become such a prevalent threat that a term was coined for it: ‘reputation-jacking’. Our blog post “Reputation Jacking: Unknown Threats on Well-Known Sites” explains that many Internet users are learning the hard way that malware can be found on the most popular domains. There are many websites that users automatically assume are safe when in fact they may not be.
Excluding Domains from Malware Patrol Block Lists
At Malware Patrol, we believe in providing users the data they need to be protected from malware and ransomware. We also understand that it is not always possible to block mainstream websites. However, we still want to give customers all the data we find so they can choose how to use it.
If you can’t or don’t want to block a certain domain, we advise you to remove the related entries from our block lists. This can be done right after they are downloaded. The exact way to do it depends on your environment and configuration, but simple shell commands like ‘cat _filename_ | grep -v _domain_ > _new_file_name_’ can remove entries.
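The following is an added example, not Malware Patrol's own tooling: a bare `grep -v github.com` matches substrings and treats `.` as a wildcard, so it would also delete entries for unrelated hosts such as notgithub.com. This filter compares whole host labels instead. It assumes list lines are plain hostnames, hosts-style `0.0.0.0 host` entries, or URLs; the allowlist file name and sample entries are constructed.

```shell
#!/bin/sh
# Usage: filter_blocklist ALLOWLIST_FILE < blocklist > filtered_blocklist
# Drops entries whose host is an allowlisted domain or a subdomain of one.
filter_blocklist() {
    awk '
    # First file: domains to keep reachable, one per line.
    FILENAME == ARGV[1] {
        d = tolower($1)
        if (d != "" && d !~ /^#/) allow[d] = 1
        next
    }
    # Comments and blank lines pass through unchanged.
    /^[ \t]*(#|$)/ { print; next }
    {
        h = tolower($NF)                       # last field: handles "0.0.0.0 host"
        sub(/^[a-z][a-z0-9+.-]*:\/\//, "", h)  # strip scheme
        sub(/[\/?#].*$/, "", h)                # strip path, query, fragment
        sub(/^.*@/, "", h)                     # strip userinfo
        sub(/:[0-9]+$/, "", h)                 # strip port
        # Compare whole labels: the host itself, then each parent domain.
        for (s = h; s != ""; s = substr(s, i + 1)) {
            if (s in allow) next               # allowlisted: drop this entry
            i = index(s, ".")
            if (i == 0) break
        }
        print
    }' "$1" -
}

# Constructed sample: one allowlisted domain, mixed entry formats.
demo() {
    dir=$(mktemp -d)
    printf 'github.com\n' > "$dir/allow.txt"
    printf '%s\n' '# constructed sample list' 'github.com' 'raw.github.com' \
        'notgithub.com' 'github.com.cdn.example' '0.0.0.0 files.example' \
        'http://github.com/user/repo/file.exe' |
        filter_blocklist "$dir/allow.txt"
    rm -rf "$dir"
}
demo
```

Only the three github.com entries are dropped; the look-alike hosts and the unrelated hosts-style entry stay in the filtered list.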
For help automating the removal of domains from block lists, contact our tech support via email – support (@) malwarepatrol.net – and they’ll be happy to help. Please remember to mention the block list you use and how you download it.
We hope you will find this information valuable to better understand our mission as well as how you can customize our block lists to suit your needs.