Botnet listings increase by 50% over the past weeks on XBL

October 29, 2018 by The Spamhaus Team

The following article was originally published by The Spamhaus Project, October 2018.

After somewhat of a ‘lull’ in botnet activity over the past year, there has been a significant upswing in the number of listings on the Spamhaus Exploits Block List (XBL). The past few weeks have seen a lift from approximately 10 million to 16 million listings. The obvious question to be asking is why? The Spamhaus Project’s botnet specialist explains:

What is the XBL?

The XBL is Spamhaus’s block list which lists IP addresses that host bots and malware-infected computers.

Why the huge upswing in listings?

Approximately half of this increase is due to a new spambot sending out vast quantities of spam for Chinese porn web sites. We believe that this may be due to proxy software, popular in China, having a security issue. Meanwhile the rest is from the rising number of IP addresses that are being reported as infected with the Avalanche/Gamarue botnet.

For those of you with knowledge of the botnet landscape, you’re probably thinking “But the Avalanche botnet was taken down?” You are indeed correct; however, the machines infected by Avalanche are still out there spreading the infection to new machines. The difference now is that these machines can no longer be controlled by the current set of bad guys. But it’s worth noting that these machines are still insecure and open to abuse by other spammers.

When will these bots die out?

Even if all the botnet gangs were taken down, the malware they created would continue to spread without their controller. This is a spectre we’re going to have to live with for a long time. The Conficker bot is still out there, and its control network died years ago!

What about the new spambot?

There’s one last question: what (or who) is responsible for sending the copious quantities of Chinese porn-related spam? To date the research team at the Project don’t have an answer, but we’ll let you know as soon as they find out more.

(The original article can be viewed here.)

