Spamhaus News Index
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.


Smoke Loader malware improves after Microsoft spoils its Campaign 2018-04-16 UTC
Early this year, in March 2018, Microsoft's Windows Defender Research Team in Redmond published some interesting insights into a massive malware campaign distributing a dropper/loader called Smoke Loader (also known as Dofoil). The main purpose of the documented campaign was to distribute a coin miner payload that uses infected machines to mine cryptocurrencies. Within 12 hours, Windows Defender recorded more than 400,000 instances, but could deploy appropriate countermeasures on computers running Windows within seconds. As further analysis from Spamhaus Malware Labs revealed, these countermeasures did not go unnoticed by the malware authors behind Smoke Loader. Runtrace... (>)

Fighting abuse at the edge 2018-04-09 UTC
Take a look at org charts, international standards, conferences and forums… you will observe there are two tribes: one for the ‘network’, the other for ‘applications’. It’s a distinction that’s embedded in Information Technology, with the Network Layer ‘below’ all applications and a dedicated team dealing with connectivity, routers, upstreams and peering, all quite independently from the nature of the data that is flowing. Another team deals with ‘applications’: email, web services, etc., that do their job without having to consider the underlying aspects related to networking.... (>)

Spamhaus Botnet Threat Report 2017 2018-01-08 UTC
Now that 2017 is behind us, as we do each year, the Spamhaus Project would like to give some numbers and thoughts on the botnet threats we encountered. In 2017, Spamhaus Malware Labs identified and issued Spamhaus Block List (SBL) listings for more than 9,500 botnet Command & Control servers on 1,122 different networks. A botnet controller, commonly abbreviated as "C&C", is used by fraudsters both to control malware infected machines and to extract personal and valuable data from malware infected victims. Botnet controllers therefore play a core role in operations conducted by cybercriminals who are using infected machines to send out spam, ransomware, launch DDoS attacks, commit ebanking fraud, click-fraud or to mine cryptocurrencies such as Bitcoin. An infected machine can be a desktop computer or a mobile device (like a smartphone), but also an IoT ("Internet of Things") device such as a webcam or network attached storage (NAS) that is connected to the internet.... (>)

PandaZeuS’s Christmas Gift: Change in the Encryption scheme 2017-12-28 UTC
Spamhaus Malware Labs - Spamhaus's malware research unit - recently observed a wave of new PandaZeuS malware samples being distributed during the Christmas season. PandaZeuS, also known as Panda Banker, is an ebanking Trojan that evolved from the notorious ZeuS trojan and is being used by different threat actors to compromise ebanking credentials, which cybercriminals then use to commit ebanking fraud.... (>)

Did anyone recently notice that the Spamhaus XBL just got really big? 2017-12-19 UTC
Over the past three weeks, some of our users have noticed that the XBL (CBL) database has grown substantially in size. There are two major reasons for this. 1) Increase from the Internet of Things (IoT) 2) Increase From Andromeda botnet takedown... (>)

French government provides spam lists 2017-05-30 UTC
The government of France provides lists of email addresses to French political candidates for them to use when sending campaign emails. Unfortunately these lists have many spamtrap addresses on them. Our spamtrap email addresses cannot have been legitimately subscribed to this list, and most assuredly do not belong to French voters. The presence of spamtraps is evidence that other addresses on... (>)

Botnet Controllers in the Cloud 2017-04-25 UTC
Cloud computing is popular these days. Millions of users consume computing power out of the cloud every day. Cloud computing comes with several advantages over traditional server hosting, such as scalability and quick deployment of new resources. As of January 2017, several large botnet operators appear to have discovered the benefits of cloud computing as well, and have started to... (>)

Spamhaus Botnet Summary 2016 2017-01-17 UTC
2016 was a busy year for existing and emerging cyber threats. In the past year, Spamhaus researchers issued listings for over 7,000 botnet Command & Control ("C&C") servers on more than 1,100 different networks. These C&C servers enabled and controlled online crime such as credential theft, e-banking fraud, spam and DDoS attacks. They were also used for the retrieval of stolen data. 2016 will also go down in history as the first year that security issues related to the 'Internet-of-Things' not only became mainstream, but turned into a serious enabler of ever larger attacks and a source of many future problems.... (>)

Network Hijacking on the Rise 2016-09-26 UTC
As we discussed in a previous article, allocations of IP addresses (IPv4 addresses) are getting hard to come by, especially for spammers. Because the IP addresses they use quickly get a bad reputation as sources of spam, spammers constantly need fresh IPs that are... (>)

Subscription Bombing: COI, CAPTCHA, and the Next Generation of Mail Bombs 2016-09-16 UTC
Internet harassment is becoming an increasingly ugly and widespread issue, and over the weekend of August 13-14 it spilled into territory we could do something about. After a few weeks of low level activity, over that weekend some unknown cyber criminals launched a targeted attack on over 100 government email addresses, using bots to create mailing list subscription requests at the rate of over 1000 per minute. Effectively, this was a denial of service attack, rendering the government mailboxes useless for considerable time. Over the next couple of months the targets expanded from government addresses to others, some of which were targeted and timed to be especially disruptive.... (>)

More Domain Stats: The 10 Most Abused Registrars 2016-05-17 UTC
Filling in The Spamhaus Project's domain panorama in our "Top-10 Worst" pages, we have added a page for The 10 Most Abused Domain Registrars. It breaks out by registrar the ratio of bad domains versus total domains as seen by our systems in the course of a rolling two-week window. While other registrars have numerically more bad domains, that is a result of the sheer size of their domain corpus, and they have a lower ratio of bad to good domains. Those larger registrars take effective measures to prohibit spammers and remove bad domains from their services, and thus polish their own reputations. ... (>)

SBL/ZEN DNS lookups to return DROP/eDROP status 2016-04-05 UTC
Starting with 1st June 2016, you can look up an IP address on any Spamhaus zone that supports SBL lookups, and verify whether that IP address is on DROP/eDROP. An IP address that is listed on DROP or eDROP will return 127.0.0.9 in addition to 127.0.0.2.... (>)

Spamhaus Presents: The World's Worst Top Level Domains 2016-02-25 UTC
The Spamhaus Project has added a new list to its Top-10 Worst pages, this time for Top Level Domains (TLDs). This domain data is designed to complement the recent additions to our IP address data announced in a previous news blog.... (>)

Verizon Routing Millions of IP Addresses for Cybercrime Gangs 2016-02-01 UTC
Over the past few years, spammers have sought out large ranges of IP addresses. By spreading out their sending patterns across a wide range of IP addresses, they can attempt to defeat spam filters and get spam and malware emails delivered where they are not wanted. However, IPv4 addresses are getting scarce and hard to come by. In fact, as of... (>)

Brazilian internet users suffer SoftLayer's security fail 2015-10-01 UTC
In the summer of 2015, the number of SBL listings involving SoftLayer Technologies (an IBM company) increased rapidly, bringing Softlayer to the #1 spot on the Spamhaus Top 10 list of most problematic ISPs. This attracted a great deal of attention, because Softlayer has traditionally been a responsible ISP, and has made a number of contributions to the security and anti-spam industries. As one would expect, this situation prompted questions.... (>)

Network under attack? You might be surprised where that's coming from! 2015-09-21 UTC
About a month ago the Spamhaus Project added several new lists to its Top-10 Worst pages. These are in addition to our existing Top-10 lists: Worst spammers, spammer hosting nations and spammer hosting Internet Service Providers (ISPs). Every second of every hour of every day Spamhaus collects a vast quantity of real-time threat intelligence from around the globe. We analyze and use this data to produce the data sets that protect billions of users from spam and other attack threats.... (>)

Ongoing abuse problems at Nic.at and DENIC 2015-08-19 UTC
Some of you may remember Spamhaus' dispute with Nic.at (the registry of .at ccTLD - "country code Top Level Domain") back in 2007. At that time, we saw a massive amount of the "Rock Phish" gang's phishing domain names being registered within .at for the exclusive... (>)

On the dubious merits of email verification services 2015-04-30 UTC
Email verification services help avoid undeliverable messages in situations such as point-of-sale transactional e-mail, but they do not verify the permission of the address owner, which is the most important step to avoid spam when acquiring addresses for bulk emailing lists, nor do they verify whether a transactional message is sent to the same person as the person making the transaction.... (>)

A Survival Guide for the Small Mail Server 2015-03-19 UTC
Nowadays many companies and organizations (non-profits, units of governmental and educational institutions, etc) believe that running their own mail servers has become an impossible task, due both to the large amount of inbound spam and to the continuous attempts by spammers to send outbound spam through their mail servers. Companies often lack in-house technical resources to configure and... (>)

In memory of Ellen 2015-02-20 UTC
On the evening of Wednesday, 18th February 2015, The Spamhaus Project lost a long-time friend and member of its team. A spam fighter from deep in the trenches, Ellen R. was known to many in this community for her earlier role at SpamCop. Fewer knew of her contributions at Spamhaus: After her retirement she came to work as a volunteer with us. Her efforts here helped stop billions of spams from reaching billions of people's mailboxes. Her life made the world a better place, especially for those in this community, and she will be missed.... (>)

Spamhaus Botnet Summary 2014 2014-12-31 UTC
As 2014 ends, Spamhaus reviews the botnet threats that it detected in the past year, and provides facts and useful suggestions for ISPs and web hosts on the front lines of the battle against cybercrime. To nobody's surprise, botnet activity appears to be increasing. The majority of detected botnets are targeted at obtaining and exploiting banking and financial information. Botnet controllers (C&Cs) are hosted disproportionately on ISPs with understaffed abuse departments, inadequate abuse policies, or inefficient abuse detection and shutdown processes. Botnet C&C domains are registered disproportionately with registrars in locations that have lax laws or inadequate enforcement against cybercrime.... (>)

Stop spammers from exploiting your webserver! 2014-12-15 UTC
For many years, speaking of "botnet spam" mainly meant speaking about compromised Windows systems. However, in the last few years this assumption is no longer entirely true. Looking at the number of distinct sources, the vast majority of emitters are still about the same as before, but looking at volumes we see that a large part of email spam now comes from abused Linux/Unix systems. Part of... (>)

Second arrest in response to DDoS attack on Spamhaus 2014-07-07 UTC
The Spamhaus Project again offers congratulations and thanks to the law enforcement community in the matter of the massive Distributed Denial of Service (DDoS) attack perpetrated against our systems in March 2013 by a Russian-based anti-Spamhaus group calling themselves 'Stophaus', consisting of several individuals with grievances against... (>)

New IPv6 CIDR searching tools released: grepcidrs 2014-06-20 UTC
Moving into IPv6 presents many, many challenges. Among the myriad tasks which are required in that transition, many IT admins and techs will find the need to search and filter IPv4 and IPv6 addresses matching CIDR patterns in data related to both those IP addressing systems. The standard tool for many admins to do... (>)

Changes in Spamhaus DBL DNSBL return codes 2014-06-15 UTC
Spamhaus engineers have been busy developing new data for the Spamhaus Domain Block List (DBL) during the past several months. Our efforts have produced several specialized subsets of the DBL data set which will provide Spamhaus DBL users with better protection against spam as well as against other cyber threats (bots and malware) which are... (>)

Summer Break arrives early for Malware & Botnet Gang 2014-06-05 UTC
After over 3 years of non-stop work stealing millions from people and companies on the internet, the cybercriminals behind the thefts will have some free time on their hands. Last week a group of Internet security organizations including the Spamhaus Project, several IT security companies, and the cybercrime departments of ten national law enforcement agencies crippled the... (>)

Spamhaus launches CERT Insight Portal 2014-04-08 UTC
Today, The Spamhaus Project is both happy and proud to announce the official launch of the Spamhaus CERT Insight Portal. The aim of the new web portal is to help Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) with a national or regional responsibility to protect their critical infrastructure and IP address space from... (>)

The Spamhaus Policy Block List now covers One Billion IP addresses 2014-03-18 UTC
As we always try to keep tabs on what spammers do, we couldn't help but overhear this at an Evil Botnet Spam Gang's... (>)

Resilans Incident Report 2014-03-04 UTC
Report regarding the SBL listings of spam operations on Resilans AB (resilans.se). Spammer IP address space at Resilans: Spamhaus became aware of Resilans AB leasing netblocks to spam operations in August 2013. We listed those ranges and notified Resilans. Despite notification, the ranges they allocated in August were... (>)

ICANN SSAC on DDoS, DNS and BCP 38 2014-02-26 UTC
ICANN's Security and Stability Advisory Committee (SSAC) document Advisory on DDoS Attacks Leveraging DNS Infrastructure, published this week, provides a much-needed touchstone for the Internet in its current state. DDoS attacks, such as the one... (>)

The return of the open relays 2013-12-02 UTC
1997-2003: THE OPEN RELAY ERA. Around 1997, a company named Cyber Promotions (a/k/a Cyberpromo) was the first to start spamming Internet users on a massive scale. Cyberpromo first did this from their own mail servers, relying on... (>)

The DMA kicks spam up a notch 2013-10-27 UTC
Spamming is always bad, but it is just plain foolish to spam addresses at spamhaus.org. While Spamhaus SBL listings are based on much wider views of spam than our own mailboxes, our mailboxes can tell us what we should look for. So when over the weekend the U.S. Direct Marketing Association (DMA) decided to spam, it would have been wiser to leave Spamhaus... (>)

Celebrating The First Birthday Of The Spamhaus BGPf 2013-06-12 UTC
In June 2012, Spamhaus launched the Spamhaus BGP feed (BGPf), a new service designed to protect organizations, network owners and network providers from... (>)

An arrest in response to March DDoS attacks on Spamhaus 2013-04-26 UTC
The Spamhaus Project offers congratulations and its sincere thanks to the Dutch Public Prosecution Service (OM), the Dutch National High Tech Crime Unit (NHTCU) of the Dutch Police Services Agency... (>)

Fake 'Spamhaus' MoneyPak Ransomware 'Blocked PC' Virus 2013-04-16 UTC
A number of Internet users are reporting a fresh version of a ransomware virus circulated by cyber criminals which exploits the name and image of Spamhaus to trick computer users into paying fake fines using MoneyPak. Computer users should know that no authorities or organizations (including Spamhaus) use screen blocking messages... (>)

Answers about recent DDoS attack on Spamhaus 2013-03-28 UTC
At this time The Spamhaus Project is getting more press enquiries than we can personally respond to. Below is a list with the most frequently asked questions, along with our answers. If you are in need of any additional information please do not hesitate to contact us but we cannot guarantee a quick response. Our staff are almost all investigators and engineers who focus on dealing with spam... (>)

Problems seen in transactional messages 2013-03-05 UTC
Some months ago a number of bloggers wrote about The Spamhaus Project's "new" spamtraps. Some asserted that we were suddenly targeting transactional messages. Others noticed the timing of new SBLs based on those "new" traps and one concluded that we had decided to publish our advisories during the Christmas season, the time of year that retail companies see the bulk of sales and that would... (>)

Cooperative Efforts To Shut Down Virut Botnet 2013-01-19 UTC
During the past few weeks, Spamhaus has worked hard to shut down a botnet called "Virut". Virut take down: Virut is a worm that spreads through removable drives such as USB sticks and network shares, but it also has file infection capabilities it uses to spread itself. Virut was first detected in 2006 and became a serious threat with an estimated size of... (>)

How hosting providers can battle fraudulent sign-ups 2012-10-01 UTC
Hosting providers are increasingly asking Spamhaus how they can prevent so-called "fraudulent sign-ups" -- new customers whose only intention is to spam, host malware, host botnet controllers, or engage in other activities that are forbidden by the hosting provider's acceptable use policy (AUP). Such customers normally target cheap VPS and cloud hosting with automated sign-up procedures. ... (>)

Spam botnets: The fall of Grum and the rise of Festi 2012-08-16 UTC
In July 2012, FireEye in cooperation with other security organisations, such as Spamhaus, took down the Grum botnet. At that time Grum was the third largest spam-sending botnet. The event gained considerable media attention.... (>)

Spamhaus Releases BGP feed (BGPf) and Botnet C&C list (BGPCC) 2012-06-12 UTC
Geneva, 12 June 2012: Today the Spamhaus Project announces the release of a new service -- the Spamhaus BGP feed (BGPf). The BGPf serves three Spamhaus lists by using the Border Gateway Protocol (BGP). It is intended to be used primarily by Internet Service Providers (ISPs), web hosting providers, and network service providers (NSPs) in their routers to drop bad traffic at the edge... (>)

Spamhaus joins World IPv6 Launch day with IPv6 enabled DNSBL mirrors 2012-06-06 UTC
On 6 June 2012 many major internet service providers (ISPs), home networking equipment manufacturers, and web companies around the world are uniting to redefine the global Internet and permanently enable IPv6 for their products and... (>)

Spam through compromised passwords: can it be stopped? 2012-05-09 UTC
Any account on a legitimate mail server is a valuable resource to a spammer or cybercriminal because it gives access to a server that is unlikely to be blocked from sending email. A spammer can use an account on a legitimate mail server to spam, and reach many more people than if he sent email from an IP that does not host a legitimate mail server. A cybercriminal can use an account on a... (>)

Snake oil spamming chiropractor gets cracked 2012-05-03 UTC
Long time ROKSO-listed spammer Brian "Dr. HGH" McDaid is finally going to pay for his crimes. This week, in a Philadelphia court, US federal court Judge Stewart R. Dalzell sentenced McDaid to two years in prison and... (>)

Russian registrar NAUNET knowingly harbours Cybercriminals 2012-03-22 UTC
In November 2011, new terms and conditions (T&C's) for registering .ru domains were put out by the Coordination Center for the Top Level Domain RU (cctld.ru). The following paragraphs of the new T&C are important to Spamhaus' mission to fight against spam and cybercrime: 5.7. The Registrar may terminate the domain name... (>)

SNMP DDoS Vector - Secure Your Network NOW! 2011-12-23 UTC
Spamhaus has observed a newer type of distributed denial-of-service attack (DDoS) which has only recently become popular among cybercriminals. In just the past month, several attacks using this method have been investigated by private security firms and law enforcement agencies. During December 2011, Spamhaus sustained an SNMP DDoS on the order of magnitude of the largest DDoS seen to date on the... (>)

Ghost Click/DNSChanger: Could ISPs have stopped it? 2011-11-15 UTC
After the November 9, 2011 successful law-enforcement dismantling of a huge cybercrime network in an operation dubbed 'Ghost Click', questions were raised as to what Internet Service Providers (ISPs) could have been doing to protect their users, and the internet, from this botnet. So, could an ISP (or corporation, school,... (>)

Targeting Rove Digital: Operation Ghost Click 2011-11-09 UTC
On November 9, 2011 the FBI announced the successful dismantling of a huge cybercrime network in an operation dubbed 'Ghost Click'. The target of this joint US and Estonian law enforcement operation is the ROKSO listed gang Rove Digital. Rove Digital ran a sophisticated operation in which... (>)

Who's Really Paying Cybercriminals? 2011-11-01 UTC
This week sees the arrival of LondonCyber, a conference organised by the British Government's Foreign Office and reported to have been so thoroughly stage-managed that the media have been carefully kettled away in a special media centre to ensure they are not allowed to directly interact with any of the attendees. While many questions are being asked at that conference, we wonder whether the... (>)

Dutch ISP Attempts False Police Report 2011-10-14 UTC
If The Netherlands has penalties for filing false reports and wasting police time, Dutch ISP 'A2B Internet' will be looking at a hefty fine. The owner of the small Dutch transit ISP claimed on Tuesday 11 Oct to have filed a report with local police in the Dutch region of Zaanstreek-Waterland accusing Spamhaus of "extortion" and carrying out a "DoS attack" on his network. Spamhaus had flagged A2B... (>)

Santander gets it mostly right 2011-10-03 UTC
If one admonishes for poor practice, one should encourage better practice. On Friday we wrote about an email sent by the UK tax office the formatting of which was ill advised (see UK Tax Office Sends an Invitation to Phishers). The following Monday, Santander UK sends an email... (>)

UK Tax Office Sends an Invitation to Phishers 2011-09-30 UTC
Phishing. Broadly speaking, sending out emails which misdirect people to supply confidential information to miscreants. One such ruse in the UK has been to send out tax rebate emails purporting to come from the UK tax office, HMRC. So on Friday, in a stroke of genius, HMRC sent out the following: ... (>)

Spamhaus Victory in Final Appeal in E360 Case 2011-09-05 UTC
On the 2nd September 2011 Spamhaus was successful in its final appeal which reduced a baseless $11.7 million default judgment down to $3 (three dollars). Twice the US Court of Appeals for the Seventh Circuit vacated judgments against UK-based Spamhaus made by U.S. Federal Judge Charles Kocoras who had twice awarded fabricated 'lost profits' to a Chicago-based spam sender. In 2006 the... (>)

Spamhaus' DBL as a Response Policy Zone (RPZ) 2011-06-10 UTC
All too frequently electronic security breaches result from some form of social engineering trick which entices a user to visit a harmful website by providing a clickable link (URL) with a specially-registered domain which ultimately leads to the user being defrauded or their machine being infected with malware. Once infected, criminals very quickly gain complete control of that user's... (>)

Spamhaus Releases IPv6 Blocklists Strategy 2011-06-06 UTC
The Spamhaus Project has released a document outlining Spamhaus' strategy with respect to Spamhaus' IP blocklists and their future in an IPv6 enabled world. Entitled "Spamhaus IPv6 Blocklists Strategy Statement", the document focuses exclusively on IPv6 DNS-based blocklists and gives technical details of how Spamhaus plans to implement them. The document draws attention to a... (>)

One year anniversary of the DBL brings a new zone 2011-03-03 UTC
5 March 2011: One year ago this week, The Spamhaus Project released a new spam-blocking advisory list for the world's internet users. Its focus was on the domain side of email filtering. Called the Domain Block List, the DBL has now been in worldwide use for a full year. The reported results have been excellent with the domain filtering ability of the... (>)

Wikileaks Mirror Malware Warning 2010-12-14 UTC
On Monday Spamhaus became aware that the main Wikileaks website, wikileaks.org, was redirecting web traffic to a 3rd party mirror site, mirror.wikileaks.info. This new web site is hosted in a very dangerous "neighborhood", Webalta's 92.241.160.0/19 IP address space, a "blackhat" network which Spamhaus believes caters primarily to, or is under the control of, Russian... (>)

Spamhaus forged (again) in malware phish attack 2010-11-29 UTC
Spamhaus.org has been a frequent target of forged e-mails over the years and once again we're seeing a rise in those sorts of spam messages. This time email messages pretending to come from Spamhaus are a social engineering attempt ("phish") to lure victims into installing malware on their computers. Don't fall for it! Some things to be aware of... (>)

UK Threat from Cybercrime is Very Real 2010-10-18 UTC
When it became clear that the UK's National Security Strategy (published today) would highlight "Cybersecurity" as one of the most serious threats to the United Kingdom's security, the media were most querulous. Even some of the more experienced journalists seemed to pour immediate scorn on the suggestion that computer-based crime could rank in seriousness alongside terrorist attacks... (>)

Spamhaus Releases The Spamhaus Whitelist 2010-09-26 UTC
The Spamhaus Project has released a whitelist called the Spamhaus Whitelist. Long awaited in the industry, the Spamhaus Whitelist allows internet mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown, allowing mail server operators to block known bad email traffic, let known good email traffic pass safely, and heavily filter unknown email sources. The... (>)

Spamhaus Blocks Gmail? Report Was Not True. 2010-08-20 UTC
"Spamhaus Blocks Gmail" - A catchy headline which certainly got the twitterati going. However, it wasn't true. Recently some IT websites, including Softpedia and Sucuri, erroneously issued reports of Spamhaus' SBL blocking Gmail. These reports are not true. Google's Gmail service has never been listed in, or affected by, any Spamhaus DNSBL, nor ever would be. Spamhaus quite simply... (>)

Canned Spammer: "The Godfather" Alan Ralsky locked up 2010-03-04 UTC
Leaving a wake of over 12 years of criminal spamming and trillions of sent junk emails behind him, long time ROKSO-listed spammer Alan Ralsky is finally behind the walls of a US Federal Prison. After pleading guilty to multiple federal criminal charges, and after time extensions to "get his affairs in order", Ralsky reported to... (>)

Approaching 100% spam block: Spamhaus releases the Domain Block List 2010-03-01 UTC
1 March 2010: The Spamhaus Project is proud to release its newest spam-blocking advisory list to the world's internet users, this time focused on the domain side of email filtering. Called simply the Domain Block List, the DBL has been in beta testing for much of 2009 on production ISPs and corporate servers in Europe, Asia and North America, and results... (>)

State of Maine AG OKs Spam List 2010-02-03 UTC
The idea of "opt in" is central to the legitimate, non-spam use of bulk e-mail. Without "opt in" policies, any and all e-mail addresses will be spammed relentlessly until they "opt out", and likely even after that. "Opt in" means that the recipient--the e-mail address owner--knowingly and intentionally subscribes to a specific list before the bulk list-mail commences. Permission to send bulk... (>)

DarkMarket "loner" soon to have many new friends 2010-01-15 UTC
Unfortunately for Renukanth Subramaniam, the "loner with a modest lifestyle" who helped run the secretive website where cybercriminals traded stolen credit card data, his friends will probably be fellow inmates in a Her Majesty's Prison Service institution. Subramaniam was remanded into custody in London after earlier pleading guilty to conspiracy to defraud and five counts of furnishing... (>)

Congratulations to CNNIC (China) 2009-12-17 UTC
China Internet Network Information Center (CNNIC) - China's own domain regulator - last week criticised Xinnet.com and some other Chinese registrars for the excessive inaccuracy in registration information (called "Whois" data). From this week, buyers of ".cn" Country Code Top Level Domains (ccTLDs) are required to provide paperwork - such as company credentials and a... (>)

Comcast guarding users helps protect all of us 2009-12-07 UTC
In October, Comcast Corporation, the USA's largest provider of high-speed Internet to private homes, announced the roll-out of its new Constant Guard security initiative. The system will provide in-browser notifications about possible virus infections. If the system detects a possible problem, a "service notice" will appear in the customer's web browser that tells them that a virus has been... (>)

Two month "snowshoe" trek results 2009-12-03 UTC
On the two-month anniversary of our announcement of the Spamhaus CSS, we thought it's time to take a look at its effect against this type of spamming. As we had mentioned, while filtering methods for botnet spam are now quite effective, a new breed of static-IP address spammers had evolved, and their spam was evading many filters. It became time to target the next great spam problem,... (>)

Herbalking ringleader gets US$15 million fine 2009-11-30 UTC
The Herbalking aftermath continues with a US federal judge ordering ringleader Lance Atkinson to pay the US Federal Trade Commission (FTC) a hefty US$15.5 million (£9.4 million). After already admitting his involvement to the New Zealand authorities last year now the FTC steps in with its findings: The spam gang deceptively marketed products such as male-enhancement pills,... (>)

Some Good News From Downunder 2009-11-20 UTC
Two New Zealanders well known to Spamhaus have been fined for their roles in the biggest pharmaceutical spamming operation in the history of the internet, officials of the nation's Department of Internal Affairs (DIA) said on Monday. They were part of a business based in Christchurch that sent more than two million unsolicited emails promoting Indian-made herbal products to New Zealand... (>)

Announcing the Spamhaus CSS 2009-10-03 UTC
While filtering methods for botnet spam are now quite effective, a new breed of static-IP address spammers has evolved, and their spam evades many filters. It is time to target the next great spam problem, "snowshoe" spam. The Problem of Snowshoe... (>)

Impact on Cutwail of 3FN shutdown 2009-06-16 UTC
There is nothing like a visual representation to show how botnet spam traffic dries up when a major eastern European run host (in this case, USA routed) of the botnet Command & Control systems (C&C) is shut down. Below is a report from the CBL botnet spam detection system on the effect of a recent shut down. These graphs are the total number of spams (per second) detected as being sent... (>)

Erroneous Mail Rejections at Yahoo! 2009-05-30 UTC
During the last week of May, 2009, some senders experienced mail rejected by yahoo.com which referenced Spamhaus PBL data. But when they looked up their IP address, it was not in any Spamhaus list. The error was not consistent, and sometimes resubmitting a message might result in its delivery. Yahoo! is aware of the problem and made this announcement on its... (>)

ISP PBL Account - New Look! 2009-05-19 UTC
Last month we mentioned upcoming changes to ISP's PBL Account pages. We're pleased to announce that the first phase of those improvements is now up and running. While not visible to the public, an ISP logging in to their PBL Account will immediately see the upgrades. The new ISP PBL Account pages: Are designed to make it easier for ISPs to make accurate PBL Zone... (>)

PBL Update and Comparisons - April 2009 2009-04-13 UTC
We'd like to show you what some typical broadband space looks like in terms of spam-sending bots and Policy Block List (PBL) listings. Let's sample a few chunks of IPv4 space, count the spam bots, and map them graphically to visualize what those ranges look like. These are just examples, conveniently chosen based on our experience in dealing with countless ISP ranges and PBL listings. There is... (>)

A Snowshoe Winter: Our Discontent with CAN-SPAM 2009-02-25 UTC
Snowshoe spamming has been around for many years but during 2008 a few USA spammers honed the technique to a fine edge. It has grown rapidly for the past year and there is no indication that it will cease in the foreseeable future. As of February 2009, snowshoe spamming accounts for 20-30% of all connections at typical gTLD mail servers. It is the second... (>)

Another one bytes the dust 2008-11-17 UTC
Following the October 2008 shut down of the largest US based host of trojan malware, botnet command and control systems (C&Cs) and DNS changer hosts (pharming), Intercage/Atrivo, another US based network specializing in hosting similar cybercrime has been taken off the Internet. McColo is a bit different from Intercage/Atrivo in... (>)

Spam Kingpin's hench-woman pleads guilty 2008-10-15 UTC
A person well known to Spamhaus, Judy Devenow, one of long time spamming kingpin and convicted felon Alan Ralsky's gang, pleaded guilty to conspiracy and aiding fraud in a US Federal court. She admitted she had sent millions of spam e-mails a day to generate excitement about junk stocks while working for Ralsky who has been indicted,... (>)

HerbalKing principals indicted by FTC and New Zealand 2008-10-14 UTC
The #1 worst spam gang on the Internet for much of 2007 and 2008, and active since at least 2005, has been indicted by the US Federal Trade Commission (FTC) in conjunction with simultaneous charges in New Zealand and possibly Australia & India. Several co-conspirators formed the HerbalKing spam gang. The primary... (>)

Virginia Court OKs Anonymous Spam 2008-09-16 UTC
Or "Frea Speach," as spammers write with their notoriously bad spelling while yammering about their right to send spam. There is no right to send spam, of course, let alone anonymously. Almost a decade ago, in their decisions in AOL vs. Cyberpromo and Earthlink vs. Cyberpromo, U.S. courts of appeal ruled that spam is theft of service and trespass to chattels, both of which are civil offenses. And... (>)

Cybercrime's U.S. Home 2008-08-29 UTC
When cybercrime is mentioned it never takes long for Russia and the Ukraine to enter the picture. However, while a lot of cybercriminals are based in those countries, a lot of their infrastructure is housed in the west, in the United States to be precise. Without exception, all of the major security organizations on the Internet agree that the 'Home' of cybercrime in the western world is... (>)

Confirmed Opt In - A Rose by Any Name 2008-08-11 UTC
Closed Loop Confirmed Opt In is the full technical term for the best opt-in subscription practice around. But whether you call it Confirmed, Verified, Double or any other adjective it still means the same thing: "Hey you! Subscriber! Is this really you who signed up for this list? Unless you respond, we won't send you more mail." The subscriber's response completes the loop and confirms their... (>)

Spam, Malware and FTP cracks 2008-07-25 UTC
There is lots of spam going around with funny subjects like "Mike Tyson to Fight Michael Jackson" or "Afghanistan to be 51st US State", or other equally absurd lines designed to hook unwary recipients into clicking the URL in the spam. Unfortunately, the results of following that link are not at all funny. The victim's computer will be infected with a Trojan horse, it will become part of a spam,... (>)

Using the SBL and XBL against spamvertized URLs 2008-06-27 UTC
A lot of people are using our SBL and XBL lists to guard their mail infrastructure against the incoming floods of spam. While we encourage all SBL-XBL users to switch to ZEN to check the connecting IP, the SBL-XBL combination still has a very powerful, but lesser-known application area: use it against spamvertized URLs in the message content. While the spam emitting bots move... (>)

The Spammer Agora 2008-03-16 UTC
There's been a lot of use of the term "ecosystem" in the e-mail industry lately. It's a good description of the complex environment that has grown up around Simple Mail Transport Protocol; it's no longer simple. But, like any ecosystem, it has many subsystems and niches within it. Among spammers in general, the botnet and black market spammers have... (>)

Blackhats and Grayhats 2008-02-15 UTC
(From a discussion in a private anti-abuse industry workgroup list in November 2007 regarding the need for extensive restructuring of e-mail systems due to spam; reproduced with permission...) Someone Else... (>)

The Spamhaus PBL, a one year old anti-spam heavyweight 2008-01-29 UTC
One year ago this month, Spamhaus launched the Policy Block List, also known as the PBL. Now a year later we look back to see what effect it has had. The PBL was created to be used together with our other DNSBL zones, the SBL and the XBL. At the same time... (>)

US Feds arrest and book ROKSO spammer Alan Ralsky 2008-01-11 UTC
As reported by the Detroit Free Press on January 9, 2008, spammer Alan Ralsky of West Bloomfield, Michigan was brought into U.S. District Court in Detroit in handcuffs, escorted by FBI and US Postal Inspection Service agents who met him at the Detroit Metro Airport upon his return from Germany. Spamhaus was pleased to report on the January 3rd, 2008,... (>)

Spam King Alan Ralsky indicted 2008-01-03 UTC
The US Department of Justice went public on January 3rd with the indictment of Alan Ralsky and 10 others who helped him. Ralsky topped our Top 10 Worst Spammers list for quite some time and was involved in almost any sort of spam activity that's being... (>)

The increasing importance of registrars in the fight against spam 2008-01-01 UTC
Anyone remotely involved in the fight against spam has heard of the Storm worm. While Storm has used a variety of social engineering tricks to propagate, the e-card method has always been a popular one. What better a moment to send an e-card than in this holiday season? That's probably why the Storm botnet gang began pumping... (>)

RBN as Chinese as Caviar & Borscht 2007-11-16 UTC
When the routes to the older IP address mapped to the Russian Business Network began to no longer route on the internet, Spamhaus noticed a new set of IP addresses and ASN numbers mapping into the same upstream network. The Whois data for these showed Chinese company names and .cn/.tw email addresses. ... (>)

ROKSO Spammer Robert Soloway Arrested 2007-05-30 UTC
One of the most persistent professional spammers listed since 2003 on Spamhaus's Register Of Known Spam Operations (ROKSO) database has been arrested in Seattle, Washington in a joint operation conducted by the Washington State Attorney General's Office, the FBI, FTC, Internal Revenue Service Criminal Investigations and the United States Postal Inspection Service.... (>)

Summer Spam Suits Show Some Success 2006-09-08 UTC
Microsoft Corporation has won what could be the largest award against a spammer in Europe thus far. Sadly, the victory does point out the failure of the British legal system to tackle spam. Microsoft's actions show that at this time, only private civil action can be used to deter spammers in the legal arena.... (>)

Australian Spam Act Nails First Spammer 2005-06-23 UTC
The Australian Communications Authority (ACA) has taken action against a spammer in the first case to be brought under Australia's Spam Act. Spammer Wayne Mansfield, listed in Spamhaus ROKSO database, is charged with sending at least 56 million commercial emails in twelve months after the Spam Act 2003 commenced in April 2004. Most of the messages are believed to have been unsolicited and in breach of the Act. ... (>)

The Threat from the Net 2005-04-27 UTC
At the British-held Infosecurity Europe conference Lord Harris of Haringey warned the UK government of the serious threat to Critical National Infrastructure posed by groups of E-vandals and criminal gangs operating botnets, and urged the government to put a protection and response strategy in place. Lack of funding is seriously impacting the ability of law enforcement agencies on both sides of the Atlantic to shut down botnet gangs.... (>)

Increasing Spam Threat from Proxy Hijackers 2005-02-03 UTC
Spam, now at 75% of all email traffic arriving at most ISPs' mail servers, is set to increase still further thanks to new features in proxy hijacking software released by spammers. Many major email services report a large increase in spam coming directly from the major mail relays of other ISPs. Spamhaus sees this change and the increase in spam as a threat to be taken seriously, as unchecked, at the current pace spam levels could reach 95% of all email traffic by mid-2006.... (>)

Jeremy Jaynes Gets 9 Years for Spamming 2004-11-04 UTC
Spammer Jeremy Jaynes, who operated using the alias 'Gaven Stubberfield' and was listed by Spamhaus as the 8th most prolific spammer in the world, has been convicted of spamming using deceptive routing information to hide the source. A Virginia court recommended Jaynes spend nine years in prison for sending hundreds of thousands of unsolicited bulk emails.... (>)

Follow Australia! 2004-07-19 UTC
Spamhaus executives at the United Nations spam conference in Geneva had welcome news for the Australian delegation: Spamhaus is seeing a reduction in activity by the known Australian spammers. Since the introduction of Australia's strong anti-spam law, Australian spammers have started keeping a low profile, many appear to have almost ceased activities and at least one is known to have left the country. The Australian anti-spam law is working.... (>)

Spammer Arrests herald FTC Crackdown on Illegal Spamming 2004-04-29 UTC
For many months Spamhaus has been working with teams from Law Enforcement Agencies in the United States and United Kingdom helping put together cases against the known spammers. We are very pleased to see arrests of spammers by the FTC now taking place, and look forward to the many more arrests we know are on the way.... (>)

Spamhaus Releases Exploits Block List (XBL) to Combat Illegal Spam Relaying 2004-01-01 UTC
The Exploits Block List (XBL) is a realtime DNS-based database designed to stop spam from illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits utilized by spammers.... (>)

United States set to Legalize Spamming on January 1, 2004 2003-11-22 UTC
Against the advice of all anti-spam organizations, the U.S. House of Representatives has passed the ill-fated CAN-SPAM Act, a bill backed overwhelmingly by spammers and dubbed the "YOU-CAN-SPAM" Act because it legalizes spamming.... (>)

Spammers Release Virus to Attack Spamhaus.org 2003-11-02 UTC
The W32.Mimail.E virus infected hundreds of thousands of computers worldwide. The purpose of Mimail.E is to use the machines it infects to collectively attack the www.Spamhaus.org website.... (>)

The Spam Definition and Legalization Game 2003-05-14 UTC
Spammers redefine the word "spam" to hoodwink law makers into legalizing Unsolicited Bulk Email instead of banning it.... (>)

Spamming is now a Crime in Virginia 2003-04-30 UTC
The State of Virginia on Tuesday 29th April 2003 enacted the toughest anti-spam legislation of any US State so far, imposing harsh felony penalties for sending spam to computer users through deceptive means. Spammers who send Unsolicited Bulk Email to or from Virginia with a bogus return address, or via exploits such as stolen open proxies, now face criminal penalties, paying massive fines and spending up to five years in jail. The new law also empowers officials to seize the assets of those convicted of sending deceptive bulk e-mail.... (>)

Europe Outlaws Spam 2002-05-30 UTC
The European Parliament has voted to ban Unsolicited Bulk Email. Article 13 of the Directive on processing of personal data and the protection of privacy in the electronic communications sector will guide legislation banning spam throughout the 15 European member countries. EU Members Austria, Denmark, Finland, Germany, Greece, and Italy as well as EFTA member Norway have already implemented 'opt-in' in their national legislation.... (>)

© 1998-2018 The Spamhaus Project Ltd. All rights reserved.