I doubt that there is a list of sites or if there is, there must be bots that look for and find WordPress sites. My sites get attacked even if they never had any malware. http://www.wordfence.com homepage shows a map of attacks in real-time.
If you don't have other users who have to login to the same site, the botnet blocker I wrote about is very effective. You have to change the settings after installing.
IQ Block Country is another good plug-in to block access to the front-end and backend from foreign countries.
The paid version of Wordfence also allows you to block foreign countries and is a better choice since it provides other services with only one plug-in and it's not expensive.