Spamhaus RPZ (Response Policy Zones) service successfully protected a customer over the weekend from over 10,000 attempted connections to a C&C server that was distributing malware
Users across the USA have been protected from a compromised ad-blocker site thanks to Spamhaus Response Policy Zone blocklist identifying it as being a botnet command and control server.
A US-based multi-site operation uses ad-blockers as a standard tool to stop unwanted pop-ups, drive-by malware sites and just nuisance network activity. But when the ad-blocker was compromised, each connection to it could carry a threat with the potential damage escalating rapidly as automated, constant connection to ad-blockers is needed for them to be effective.
However with the compromised server’s domain identified as being under botnet control on the Spamhaus RPZ blocklist, the botnet threat was choked with more than 10,000 queries to the compromised machine blocked in 48 hours.