
Botnet listings increase by 50% over the past weeks on XBL

October 29, 2018 by The Spamhaus Team

The following article was originally published by The Spamhaus Project, October 2018.

After somewhat of a ‘lull’ in botnet activity over the past year, there has been a significant upswing in the number of listings on the Spamhaus Exploits Block List (XBL). The past few weeks have seen a lift from approximately 10 million to 16 million listings. The obvious question is: why? The Spamhaus Project’s botnet specialist explains:

What is the XBL?

The XBL is Spamhaus’s block list which lists IP addresses that host bots and malware-infected computers.

Why the huge upswing in listings?

Approximately half of this increase is due to a new spambot sending out vast quantities of spam for Chinese porn web sites. We believe that this may be due to proxy software, popular in China, having a security issue. Meanwhile the rest is from the rising number of IP addresses that are being reported as infected with the Avalanche/Gamarue botnet.

Those of you with knowledge of the botnet landscape are probably thinking, “But the Avalanche botnet was taken down?” You are indeed correct; however, the machines infected by Avalanche are still out there spreading the infection to new machines. The difference now is that these machines can no longer be controlled by the current set of bad guys. But it’s worth noting that these machines are still insecure and open to abuse by other spammers.

When will these bots die out?

Even if all the botnet gangs were taken down, the malware they created would continue to spread without their controller. This is a spectre we’re going to have to live with for a long time. The Conficker bot is still out there, and its control network died years ago!

What about the new spambot?

There’s one last question: what (or who) is responsible for sending the copious quantities of Chinese porn-related spam? To date the research team at the Project don’t have an answer, but we’ll let you know as soon as they find out more.

(The original article can be viewed here.)

 
