Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
Spamhaus News Category: malware
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.


Categories

all categories
abuse
arin
asn
attack
aws
bgp
blocklist
botnet
botnets
breach
bulk domain registration
bulletproof hosting
cbl
cloud
coi
compromise
compromised
confirmed opt in
css
cybercrime
data hygiene
datasets
dbl
ddos
deliverability
dns
dns firewall
dnsbl
domain
domains
drop
email
emotet
exploits
firewall
gdpr
gmail
godaddy
google docs
google drive
google forms
google groups
government
healthcare
hijack
hijacking
icann
industry
intelligence
iot
ip address
ipv4
ipv6
list hygiene
listbombing
malspam
malware
marketing
mta
pbl
phish
phishing
port 25 blocking
qbot
ransomware
rbl
registrar
removals
reputation
return codes
returncodes
routing
rpz
sbl
security
snowshoe
spam
spamtraps
statistics
support
takedown
tds
threat
threats
trends
trickbot
whois
wordpress
xbl
zen



RSS News Feed
Emotet Email Aftermath 2021-06-23 UTC
The malware the Emotet botnet dropped remains a persistent and imminent threat. After the Emotet takedown, a new picture is coming into focus. Emotet may be down, but the lucrative modus operandi of thread hijacking it popularized is being utilized by other ransomware botnets.... (>)

Emotet is disrupted, but the malware it installed lives on 2021-01-29 UTC
For those infected with Emotet, challenges remain.... (>)

Spamhaus Botnet Threat Update: Q2-2020 2020-07-30 UTC
The pandemic certainly didn’t put the brakes on botnet operators in Q2 2020. After the welcome decrease in activity at the end of Q1, the research team tracked and listed a 29%* increase in the number of botnet Command & Controllers (C&Cs) this quarter. This increased activity is highlighted across most of our Top 20... (>)

Tracking Qbot 2020-07-16 UTC
Qbot (aka Quakbot or Qakbot), is a piece of malware originally designed to enable bad actors to conduct financial fraud.... (>)

Spamhaus Botnet Threat Update: Q1-2020 2020-04-21 UTC
In the past quarter, the number of botnet Command & Controllers (C&Cs) associated with fraudulent sign-ups, reduced by 57%.... (>)

Spamhaus Botnet Threat Report 2019 2020-01-28 UTC
In the 2019 Botnet Threat Report we look back at key trends from 2019 and highlight the operators who are struggling with the number of botnet C&Cs associated with their particular operations.... (>)

Bulletproof hosting – there’s a new kid in town 2019-12-19 UTC
Our researchers have uncovered a new breed of "bulletproof" hosting. Here's what you need to know...... (>)

Estimating Emotet’s size and reach 2019-12-12 UTC
Since Emotet's resurgence, Spamhaus Malware Labs has been closely monitoring and studying Emotet’s activity. Here’s what we’ve uncovered...... (>)

Spamhaus Botnet Threat Update: Q3-2019 2019-10-11 UTC
You would be right to assume that malware authors and botnet operators in the Northern Hemisphere took a break over the summer months. Unfortunately, that assumption would be incorrect.... (>)

Spamhaus Botnet Threat Update: Q2-2019 2019-07-15 UTC
In this quarter, Botnet command & control (C&C) traffic remains significantly above the monthly averages of 2018, although it would appear that in June some botnet operators have taken a vacation.... (>)

Spamhaus Botnet Threat Update: Q1-2019 2019-04-25 UTC
Welcome to the first quarterly update of 2019 In the first three months of this year, Spamhaus Malware Labs have observed significant changes in the malware that’s associated with botnet Command & Control (C&C) servers, most notably a preference for cybercriminals to utilize crimeware kits...... (>)

Emotet adds a further layer of camouflage 2019-03-27 UTC
Most professionals within enterprise security have come across ‘Emotet'. As its history illustrates, the criminals behind Emotet malware are cunning and quick to maximize its ‘potential.' From a basic banking Trojan to a threat distribution service, it is constantly being re-invented. This ‘constant malware improvement’ isn’t showing any sign of abating. Recently the Spamhaus Malware Labs team have identified further unsettling changes in Emotet.... (>)

Smoke Loader malware improves after Microsoft spoils its Campaign 2018-04-16 UTC
Early this year, in March 2018, Microsoft’ Windows Defender Research Team in Redmond published some interesting insights into a massive malware campaign distributing a dropper/loader called Smoke Loader (also known as Dofoil). The main purpose of the documented campaign was to distribute a coin miner payload that is using infected machines to mine crypto currencies. Within 12 hours, Windows Defender recorded more than 400,000 instances, but could deploy appropriate countermeasures on computers running Windows within seconds. As further analysis from Spamhaus Malware Labs revealed, these countermeasures did not stay unattended by the malware authors behind Smoke Loader. Runtrace... (>)

Spamhaus Botnet Threat Report 2017 2018-01-08 UTC
Now that 2017 is behind us, as we do each year, the Spamhaus Project would like to give some numbers and thoughts on the botnet threats we encountered. In 2017, Spamhaus Malware Labs identified and issued Spamhaus Block List (SBL) listings for more than 9,500 botnet Command & Control servers on 1,122 different networks. A botnet controller, commonly abbreviated as "C&C", is being used by fraudsters to both control malware infected machines and to extract personal and valuable data from malware infected victims. Botnet controllers therefore play a core role in operations conducted by cybercriminals who are using infected machines to send out spam, ransomware, launch DDoS attacks, commit ebanking fraud, click-fraud or to mine cryptocurrencies such as Bitcoin. An infected machine can be a desktop computer, mobile device (like a smartphone) but also an IoT device ("Internet Of Things") device such as webcam or network attached storage (NAS) that is connected to the internet.... (>)

PandaZeuS’s Christmas Gift: Change in the Encryption scheme 2017-12-28 UTC
Spamhaus Malware Labs - Spamhaus's malware research unit - recently observed a wave of new PandaZeuS malware samples being distributed during the Christmas season. PandaZeuS, also known as Panda Banker, is an ebanking Trojan that evolved from the notorious ZeuS trojan and is being used by different threat actors to compromise ebanking credentials, used by cybercriminals to commit ebanking fraud.... (>)

Did anyone recently notice that the Spamhaus XBL just got really big? 2017-12-19 UTC
Over the past three weeks, some of our users have noticed that the XBL (CBL) database has grown substantially in size. There are two major reasons for this. 1) Increase from the Internet of Things (IoT) 2) Increase From Andromeda botnet takedown... (>)

Botnet Controllers in the Cloud 2017-04-25 UTC
Cloud computing is popular these days. Millions of users consume computing power out of the cloud every day. Cloud computing comes with several advantages over traditional server hosting, such as scalability and quick deployment of new resources. As of January 2017, several large botnet operators appear to have discovered the benefits of cloud computing as well, and have started to... (>)

Spamhaus Botnet Summary 2016 2017-01-17 UTC
2016 was a busy year for existing and emerging cyber threats. In the past year, Spamhaus researchers issued listings for over 7,000 botnet Command & Control ("C&C") servers on more than 1,100 different networks. These C&C servers enabled and controlled online crime such as credential theft, e-banking fraud, spam and DDoS attacks. They were also used for the retrieval of stolen data. 2016 will also go down in history as the first year that security issues related to the 'Internet-of-Things' not only became mainstream, but turned into a serious enabler of ever larger attacks and a source of many future problems.... (>)

Spamhaus Botnet Summary 2014 2014-12-31 UTC
As 2014 ends, Spamhaus reviews the botnet threats that it detected in the past year, and provides facts and useful suggestions for ISPs and web hosts on the front lines of the battle against cybercrime. To nobody's surprise, botnet activity appears to be increasing. The majority of detected botnets are targeted at obtaining and exploiting banking and financial information. Botnet controllers (C&Cs) are hosted disproportionately on ISPs with understaffed abuse departments, inadequate abuse policies, or inefficient abuse detection and shutdown processes. Botnet C&C domains are registered disproportionately with registrars in locations that have lax laws or inadequate enforcement against cybercrime.... (>)

Spamhaus' DBL as a Response Policy Zone (RPZ) 2011-06-10 UTC
All too frequently electronic security breaches result from some form of social engineering trick which entices a user to visit a harmful website by providing a clickable link (URL) with a specially-registered domain which ultimately leads to the user being defrauded or their machine being infected with malware. Once infected, criminals very quickly gain complete control of that user's... (>)

© 1998-2021 The Spamhaus Project SLU. All rights reserved.
Legal  |  Privacy