The Malware Block List

Following up on a few of the things I hadn't seen before from the ISC story about examining sites for malware, today I'm looking at the Malware Block List. So what is the MBL? From the FAQ:

"The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware."

Think of it like the large spam blacklists. Users submit URLs (either by sending spam to them, or by submitting URLs manually) and then the site checks the URLs for malware. Sounds like they have their own client honeypot system, doesn't it?

"What technology is used in this system?
The whole system is composed of Open Source software. The engines and spiders are Perl scripts, the database is MySQL, the web server is Apache and the Operating System is Linux Slackware. The only commercial software used is Kaspersky Anti Virus."

So, yes, it does sound rather familiar. From these URLs they then build sanitized lists of URLs or domains that users should not be allowed to access. What's nice is that they provide these lists in a variety of formats (scroll down on the front page), along with How-Tos on integrating the lists with various products such as SquidGuard, SpamAssassin, BIND, Microsoft DNS servers and others. All in all, it looks like a very useful resource for administrators who want a first line of defense against malicious webpages.
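To make the "URL list to DNS block" step concrete, here is an added example (mine, not MBL's code or its How-To) that reduces a URL list to hostnames and emits BIND response policy zone (RPZ) records. The input format, the sample entries, the choice of RPZ and the helper names `host_of` and `rpz_records` are all assumptions for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample input, not real MBL data: one URL or bare host per line.
SAMPLE_LIST = """\
# constructed sample entries
http://bad.example.com/dl/setup.exe
HTTP://Bad.Example.com:8080/other.php?id=1
malware.example.net/payload
http://192.0.2.15/x.exe
http://sub.bad.example.com/a.js
not a url
"""
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
def host_of(entry):
    """Return the lower-cased hostname of a list entry, or None if unusable."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return None
    if "://" not in entry:
        entry = "http://" + entry  # bare host/path entries
    try:
        host = (urlsplit(entry).hostname or "").rstrip(".").lower()
    except ValueError:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # IP literals cannot be blocked by a name-based zone
    except ValueError:
        pass
    labels = host.split(".")
    ok = len(labels) >= 2 and all(LABEL.match(l) for l in labels)
    return host if ok else None

def rpz_records(text):
    """Build sorted RPZ records (CNAME . answers NXDOMAIN) from a URL list."""
    hosts = {h for h in map(host_of, text.splitlines()) if h}
    def covered(h):  # True if a listed parent's wildcard already matches h
        parts = h.split(".")
        return any(".".join(parts[i:]) in hosts for i in range(1, len(parts) - 1))
    records = []
    for h in sorted(hosts):
        if not covered(h):
            records += [f"{h} CNAME .", f"*.{h} CNAME ."]
    return records

if __name__ == "__main__":
    print("\n".join(rpz_records(SAMPLE_LIST)))
```

The records belong under the SOA and NS lines of a zone referenced by `response-policy` in named.conf. The wildcard record is a policy choice that blocks every subdomain of a listed host, so drop it where that would overblock.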