Mitigate malware threats using Spamhaus Technology domain-based datasets

In addition to IP-based datasets, Spamhaus Technology provides a constantly updated stream of domain-based datasets.

Cybercriminals rely upon domains staying online so that their command and control (C&C) servers can send instructions and updates to malware-infected computers and exfiltrate data from them.

In response to law enforcement agencies that successfully shut down botnets by taking malicious domains offline, cybercriminals developed botnet malware that contained domain generation algorithms (DGAs) that generate huge numbers of domains. Conficker C’s DGA generated 50,000 domains a day.

By generating thousands of domains daily and registering just a few of them, cybercriminals manage to retain full control over at least a portion of their networks, even if some of their domains are taken offline.

Spamhaus’ global team of security researchers is able to trace connections between criminal networks, malicious domains and compromised IP addresses. This enables us to gain visibility of malicious domains as soon as they are registered.

Our researchers reverse engineer malware to reveal DGA domains and the times that they are due to be used, allowing us to block them before the criminals start using them.

Spamhaus Technology’s domain-based block lists offer near real-time protection against your users’ computers connecting to bad domains generated by DGAs, preventing infected computers from communicating with botnet C&Cs.

Because we know that all the listed domains are bad, with zero false positives, our domain-based data can also be used to identify infected computers on your network by showing you which machines have tried to connect to Spamhaus-listed domains.
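
The check described above, sketched as an added example (not Spamhaus code or tooling): DNS query log lines are matched against a domain list to show which clients looked up listed domains. The list and log layouts, the domains and the addresses are all constructed for illustration, and counting subdomains of a listed domain as hits is an assumption of this example.

```python
from collections import defaultdict

# Constructed stand-in for a plain-text domain list (reserved example names only).
BLOCKLIST_TEXT = """\
# one domain per line (layout assumed)
qxkzjvbnrt.example
c2-panel.example.net
"""

# Constructed DNS query log; the "timestamp client qname qtype" layout is assumed.
QUERY_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.example.org. A
2024-01-01T10:00:02Z 10.0.0.7 QXKZJVBNRT.example. A
2024-01-01T10:00:09Z 10.0.0.7 update.c2-panel.example.net. AAAA
2024-01-01T10:01:30Z 10.0.0.9 notc2-panel.example.net. A
2024-01-01T10:02:00Z 10.0.0.7 qxkzjvbnrt.example. A
malformed line
"""

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

def load_blocklist(text):
    # Drop comments and blank lines, keep normalized domain names.
    entries = (line.split("#", 1)[0] for line in text.splitlines())
    return {normalize(e) for e in entries if e.strip()}

def listed_parent(qname, blocklist):
    # Match on whole labels: the name itself, then each parent domain.
    # A substring test would wrongly flag "notc2-panel.example.net".
    labels = normalize(qname).split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    return next((c for c in candidates if c in blocklist), None)

def find_infected_clients(log_text, blocklist):
    # Returns {client_ip: {listed_domain: query_count}} for clients with hits.
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        # Timestamp and query type are not needed for the match itself.
        client, qname = fields[1], fields[2]
        match = listed_parent(qname, blocklist)
        if match:
            hits[client][match] += 1
    return {client: dict(domains) for client, domains in hits.items()}
```
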

Mitigating malware threats

Spamhaus Technology’s domain and IP-based threat intelligence offers near real-time protection for your network against malware threats. This constantly updated stream of data can be delivered as:

Response Policy Zones:

Based on its real-time threat intelligence, Spamhaus Response Policy Zones (RPZ) use domain reputation and IP reputation data to prevent computers from connecting to malware-hosting sites and botnet C&Cs. Acting as a DNS firewall, RPZ offers protection as soon as bad domains become active, minimising the window of opportunity for malware to compromise users’ devices, leak data, or otherwise harm your network and data assets.

Plain text rsync:

For organizations running larger commercial operations that serve more than 5,000 users, Spamhaus Technology domain-based reputation data is available as plain text via rsync.

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL, Microsoft, AT&T, Comcast, COX, 1&1, Century Link, Mail RU, Time Warner Cable, Sonic Net

With over 12 years’ experience, we are trusted experts

Latest News

Brian Krebs | Bitcanal - "Hijack Factory" Shunned from Web

Brian Krebs covers the Bitcanal "Hijack Factory" story which hit the news this week. In the article Krebs highlights that virtually all of Bitcanal's IP address ranges had been listed by Spamhaus.

Doug Madory | Shutting down the BGP Hijack Factory - Bitcanal

This week sees Spamhaus featuring in the news again. Bitcanal, a notorious bad actor that has continually hijacked Border Gateway Protocol (BGP) routes, has effectively been kicked off the internet. Doug Madory, Director of Internet Analysis at Oracle Dyn, takes an in-depth look at the story: Shutting down the BGP Hijack Factory.
