Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
Spamhaus Releases BGP feed (BGPf) and Botnet C&C list (BGPCC)

2012-06-12 19:49:49 GMT, by Spamhaus Team
Recent News Articles

Stop spammers from exploiting your webserver!

Second arrest in response to DDoS attack on Spamhaus

New IPv6 CIDR searching tools released: grepcidrs

Changes in Spamhaus DBL DNSBL return codes

Summer Break arrives early for Malware & Botnet Gang

Spamhaus launches CERT Insight Portal

The Spamhaus Policy Block List now covers One Billion IP addresses

Resilans Incident Report


Older News Articles:
Spamhaus News INDEX

Geneva, 12 June 2012

Today the Spamhaus Project announces the release of a new service -- the Spamhaus BGP feed (BGPf). The BGPf serves three Spamhaus lists by using the Border Gateway Protocol (BGP). It is intended to be used primarily by Internet Service Providers (ISPs), web hosting providers, and network service providers (NSPs) in their routers to drop bad traffic at the edge of their networks.

The Spamhaus BGPf is currently serving three lists (communities):
  • The Spamhaus Don't Route Or Peer List (DROP)
  • NEW: The Spamhaus extended DROP List (EDROP)
  • NEW: The Spamhaus Botnet C&C List (BGPCC)

While the Spamhaus DROP list is already widely known and used, the EDROP and BGPCC lists are new. Spamhaus has just launched these lists as of today. You can find links to the listing policies and FAQ pages for each of these lists at the end of this article.

Spamhaus Botnet C&C List (BGPCC)

In 1998 when the Spamhaus Project was founded, the Internet was transitioning from the early commercial era, when spam was a problem consisting of a few unsolicited emails a day for most email users, to the earliest professional spam gangs. In subsequent years some companies adopted spam as a marketing tool, turning what had been a fringe activity (spamming) into a cash generator and vastly increasing the absolute volumes of spam on the network.

Spam gangs responded to the influx of money by adopting techniques to avoid direct blocking and filtering so that the spam that they sent would be delivered to users. Spam flooded user inboxes, drowning out email that users wanted, and threatening to render email useless for a large number of users. Spamhaus adopted Paul Vixie's realtime blocklist (RBL) technology and developed the original Spamhaus Blocklist (SBL). In time this blocklist was joined by other blocklists targeted at different spam issues. Over the years Spamhaus became a leading provider of antispam blocklists. Currently considerably in excess of a billion mailboxes worldwide use Spamhaus products in their antispam configurations.

Today email spam is still one of the biggest problems faced by users of the internet. However, other types of messaging abuse have become increasingly important, and abuse of other Internet-based technologies has increasingly become an intrinsic part of spam operations. Advance Fee Fraud (419) scams, phishes, and other criminal endeavors motivate much of the spam that is sent at present. Malware-infected servers and user devices and botnet command and control (C&C) nodes and members (bots) send much of that spam or host services that help spammers benefit from the spam.

To cope with these new spam vectors and tools, today Spamhaus is offering a new tool for network providers. We are proud to announce the Spamhaus Botnet C&C list (BGPCC). The list contains IP addresses which Spamhaus has identified as hosting servers operated by cybercriminals and used to control malware-infected computers. The Botnet C&C list is available exclusively through the Spamhaus BGPf. It is intended for Internet Service Providers (ISPs) and network providers to import into router configurations, to block C&C nodes from contacting bots on their networks and thereby protecting both their customers and the Internet from botnet traffic.


Spamhaus extended DROP List (EDROP)

In addition to the Spamhaus Botnet C&C List, today Spamhaus launches the extended DROP (EDROP) list. EDROP has a listing policy similar to that of the DROP list, that contains networks which are being operated by cybercriminals. The difference is that, while DROP only lists networks that are direct allocations from the RIR, EDROP contains only bad networks that are sub-allocations from another network. Both lists are available as plain text files and via the BGPf.


References


Spamhaus Information

Press Office
Spamhaus News Index
Spamhaus in the media
About Spamhaus
Spamhaus Official Statements
Article Information

Permanent link to this news article:
Spamhaus Releases BGP feed (BGPf) and Botnet C&C list (BGPCC)
http://www.spamhaus.org/news/article/683/spamhaus-releases-bgp-feed-bgpf-and-botnet-cc-list-bgpcc

Subscribe to RSS News Feed
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2014 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy