Did anyone recently notice that the Spamhaus XBL just got really big?

2017-12-19 07:11:23 UTC, by Ray, the Spamhaus XBL/CBL Team

Category:  malware, iot, security

Yes, the XBL grew by over 50%!

Over the past three weeks, some of our users have noticed that the XBL (CBL) database has grown substantially in size. There are two major reasons for this.


1) Increase from the Internet of Things (IoT)

There has been a substantial increase in the amount of IoT scanning, which means that the operators of malicious IoT botnets are trying to grow their populations of hacked devices. We noticed an oddity: Argentina seems to have had more than its fair share of the increase. This may have something to do with compromises being found in devices common to Argentinian ISP customers. For example, a new IoT variant similar to Mirai, called Satori, has appeared and seems to be attacking Huawei Home Gateway routers in particular.

The total number of IoT entries in the XBL has increased from just under 1 million to over 2.5 million.

As of today, Egypt is in the lead with approximately 1.2 million Mirai infections detected. This suggests that one or more ISPs there are distributing access modems/routers that are particularly vulnerable to this wave of Mirai attacks.


2) Increase from the Andromeda botnet takedown

The Andromeda takedown on November 29, 2017 has resulted in the entire Andromeda (a/k/a Gamarue) Command and Control (C&C) network being taken over. We get a feed of this data, which has caused the number of entries to skyrocket from a few tens of thousands to over 6 million now.

The XBL data

Most Spamhaus XBL users query our zones via DNS and will not have noticed the size change as the data is presented one entry at a time. Those who have larger traffic or wish to do their own analysis of this real-time feed can subscribe to an rsync feed of the XBL.
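
What a one-entry-at-a-time DNS query against the XBL looks like, as an added example that is not part of the original article. The zone name `xbl.spamhaus.org`, the 127.0.0.4-7 listing codes and the 127.255.255.x error codes are taken from Spamhaus's public documentation rather than from this page, the function names are hypothetical, and 192.0.2.99 is a constructed sample address.

```python
import ipaddress
import socket

XBL_ZONE = "xbl.spamhaus.org"   # assumption: public zone name, not given in the article
XBL_CODES = {f"127.0.0.{n}" for n in range(4, 8)}   # return codes assigned to the XBL
ERROR_PREFIX = "127.255.255."   # Spamhaus error answers (e.g. query refused), not listings


def xbl_qname(ip, zone=XBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """Interpret the A records for a query name; an empty list means NXDOMAIN."""
    if not answers:
        return "not listed"
    if any(a.startswith(ERROR_PREFIX) for a in answers):
        return "error"        # never treat this as a listing or as a clean result
    if any(a in XBL_CODES for a in answers):
        return "listed"
    return "unknown"


def check(ip):
    """Live lookup through the system resolver (needs network access)."""
    try:
        answers = socket.gethostbyname_ex(xbl_qname(ip))[2]
    except socket.gaierror as exc:
        if exc.errno != socket.EAI_NONAME:
            raise             # resolver failure is not the same as "not listed"
        answers = []
    return classify(answers)


if __name__ == "__main__":
    print(xbl_qname("192.0.2.99"))            # constructed sample address
    print(classify(["127.0.0.4"]), classify([]), classify(["127.255.255.254"]))
```

Because each lookup returns only the answer for one address, a client written this way is unaffected by the size of the zone; the point to get right is keeping error answers and resolver failures separate from both "listed" and "not listed".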

As one can see, growth of the XBL zone, which is normally seen as a bad thing since it usually tracks an increase in compromised systems, can at times also point to something good: in this case, the dismantling of a large, notorious botnet system.

Permanent link to this news article:
Did anyone recently notice that the Spamhaus XBL just got really big?
http://www.spamhaus.org/news/article/770/did-anyone-recently-notice-that-the-spamhaus-xbl-just-got-really-big
