Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
Exploits Block List - Two Botnets Contribute to 50% Increase in Listings

2018-10-26 17:34:38 UTC, by Quentin Jenkins

Category:  xbl, botnet
Recent News Articles

Exploits Block List - Two Botnets Contribute to 50% Increase in Listings

How has GDPR affected Spam?

Smoke Loader malware improves after Microsoft spoils its Campaign

Fighting abuse at the edge

Spamhaus Botnet Threat Report 2017

PandaZeuS’s Christmas Gift: Change in the Encryption scheme

Did anyone recently notice that the Spamhaus XBL just got really big?

French government provides spam lists


Older News Articles:
Spamhaus News INDEX

If you’ve been monitoring the Exploits Block List (XBL) recently you will have noticed a significant increase in the number of listings. The past few weeks have seen a lift from approximately 10 million to 15 million listings. The question is why? Our botnet specialist explains…

What is the XBL?

The XBL is Spamhaus’s block list which lists IP addresses that host bots and malware-infected computers.

Why the huge upswing in listings?

Approximately half of this increase is due to a new spambot sending out vast quantities of spam for Chinese porn web sites. We believe that this may be due to proxy software, popular in China, having a security issue. Meanwhile the rest is from the rising number of IP addresses that are being reported as infected with the Avalanche/Gamarue botnet.

For those ‘in know’, you’re probably thinking “But the Avalanche botnet was taken down?” You are indeed correct, however the machines infected by Avalanche are still out there spreading the infection to new machines. The difference being now is that these machines can no longer be controlled by the current set of bad guys. But, it’s worth noting that these machines are still insecure and open to abuse by other spammers.

When will these bots die out?

Even if all the botnet gangs were taken down the malware they created would continue to spread without their controller. This is a spectre we're going to have to live with for a long time. The Conficker bot is still out there, and its control network died years ago!

Who is behind the new spambot?

There’s one last question… what (or who) is responsible for sending the copious quantities of Chinese porn-related spam? To date we don’t have an answer, but we’ll let you know as soon as we find out more.


Spamhaus Information

Press Office
Spamhaus News Index
Spamhaus in the media
About Spamhaus
Spamhaus Official Statements
Article Information

Permanent link to this news article:
Exploits Block List - Two Botnets Contribute to 50% Increase in Listings
http://www.spamhaus.org/news/article/776/exploits-block-list-two-botnets-contribute-to-50-increase-in-listings

Subscribe to RSS News Feed
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2018 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy