|Tweet Follow @spamhaus||
Botnet Controllers in the Cloud
Spamhaus Botnet Summary 2016
Network Hijacking on the Rise
Subscription Bombing: COI, CAPTCHA, and the Next Generation of Mail Bombs
More Domain Stats: The 10 Most Abused Registrars
SBL/ZEN DNS lookups to return DROP/eDROP status
Spamhaus Presents: The World's Worst Top Level Domains
Verizon Routing Millions of IP Addresses for Cybercrime Gangs
Older News Articles:
Spamhaus News INDEX
|All too frequently electronic security breaches result from some form of social engineering trick which entices a user to visit a harmful website by providing a clickable link (URL) with a specially-registered domain which ultimately leads to the user being defrauded or their machine being infected with malware.
Once infected, criminals very quickly gain complete control of that user's computer: if that user is on a corporate network, the criminal would immediately gain all that user's privileged access within the company's network. This can result in the theft of confidential corporate data, in many cases financial losses and the possibility of lurid headlines in the press.
While security professionals can and do block access to domains that are known to cause harm, this has so far only been possible once the harm has been identified. And that's too late - the harm is already done. The criminals who use these techniques are now registering domains by the thousand in order to circumvent such blocks, "paying" for them with stolen credit cards and using each domain for a very small number of attacks.
The Spamhaus DBL was launched in 2010 as a way to identify these domains very rapidly so that network administrators can block them in advance. But even so, there has so far been no way to provide this protection automatically.
Now, Response Policy Zones (RPZs) allow DNS administrators selectively to block the DNS resolution of sites. The bad domains or hosts will then simply disappear from that network's view of the Internet - and the malware will no longer be able to reach that network.
Spamhaus' Domain Block List (DBL) contains tens of thousands of domains known to be suspect. The DBL already is being updated with new threats every sixty seconds of every day. By making this list of bad domains available as an RPZ, Spamhaus and their technical collaborators (Deteque and ISC) are giving security administrators an additional tool which they can use to protect their network from the inadvertent actions of unsuspecting users.
This data is updated very rapidly by broadcasting only changes to the list rather than the full list. This means that the frequent updates generally take less than a second to propagate, effectively mitigating threats in near real time.
Spamhaus' DBL RPZ is now available for beta testing. A BIND server (version 9.8.0+) is needed to utilise this feature and at this time networks will need to contact Spamhaus <email@example.com> to register their BIND server to use this RPZ.
For further information see:
Spamhaus News Index
Spamhaus in the media
Spamhaus Official Statements
Permanent link to this news article:
Spamhaus' DBL as a Response Policy Zone (RPZ)
Subscribe to RSS News Feed
Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.