Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
Spamhaus News Category: malware
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.


all categories
return codes

RSS News Feed
Spamhaus Botnet Threat Update: Q3-2019 2019-10-11 UTC
You would be right to assume that malware authors and botnet operators in the Northern Hemisphere took a break over the summer months. Unfortunately, that assumption would be incorrect.... (>)

Spamhaus Botnet Threat Update: Q2-2019 2019-07-15 UTC
In this quarter, Botnet command & control (C&C) traffic remains significantly above the monthly averages of 2018, although it would appear that in June some botnet operators have taken a vacation.... (>)

Spamhaus Botnet Threat Update: Q1-2019 2019-04-25 UTC
Welcome to the first quarterly update of 2019 In the first three months of this year, Spamhaus Malware Labs have observed significant changes in the malware that’s associated with botnet Command & Control (C&C) servers, most notably a preference for cybercriminals to utilize crimeware kits...... (>)

Emotet adds a further layer of camouflage 2019-03-27 UTC
Most professionals within enterprise security have come across ‘Emotet'. As its history illustrates, the criminals behind Emotet malware are cunning and quick to maximize its ‘potential.' From a basic banking Trojan to a threat distribution service, it is constantly being re-invented. This ‘constant malware improvement’ isn’t showing any sign of abating. Recently the Spamhaus Malware Labs team have identified further unsettling changes in Emotet.... (>)

Smoke Loader malware improves after Microsoft spoils its Campaign 2018-04-16 UTC
Early this year, in March 2018, Microsoft’ Windows Defender Research Team in Redmond published some interesting insights into a massive malware campaign distributing a dropper/loader called Smoke Loader (also known as Dofoil). The main purpose of the documented campaign was to distribute a coin miner payload that is using infected machines to mine crypto currencies. Within 12 hours, Windows Defender recorded more than 400,000 instances, but could deploy appropriate countermeasures on computers running Windows within seconds. As further analysis from Spamhaus Malware Labs revealed, these countermeasures did not stay unattended by the malware authors behind Smoke Loader. Runtrace... (>)

Spamhaus Botnet Threat Report 2017 2018-01-08 UTC
Now that 2017 is behind us, as we do each year, the Spamhaus Project would like to give some numbers and thoughts on the botnet threats we encountered. In 2017, Spamhaus Malware Labs identified and issued Spamhaus Block List (SBL) listings for more than 9,500 botnet Command & Control servers on 1,122 different networks. A botnet controller, commonly abbreviated as "C&C", is being used by fraudsters to both control malware infected machines and to extract personal and valuable data from malware infected victims. Botnet controllers therefore play a core role in operations conducted by cybercriminals who are using infected machines to send out spam, ransomware, launch DDoS attacks, commit ebanking fraud, click-fraud or to mine cryptocurrencies such as Bitcoin. An infected machine can be a desktop computer, mobile device (like a smartphone) but also an IoT device ("Internet Of Things") device such as webcam or network attached storage (NAS) that is connected to the internet.... (>)

PandaZeuS’s Christmas Gift: Change in the Encryption scheme 2017-12-28 UTC
Spamhaus Malware Labs - Spamhaus's malware research unit - recently observed a wave of new PandaZeuS malware samples being distributed during the Christmas season. PandaZeuS, also known as Panda Banker, is an ebanking Trojan that evolved from the notorious ZeuS trojan and is being used by different threat actors to compromise ebanking credentials, used by cybercriminals to commit ebanking fraud.... (>)

Did anyone recently notice that the Spamhaus XBL just got really big? 2017-12-19 UTC
Over the past three weeks, some of our users have noticed that the XBL (CBL) database has grown substantially in size. There are two major reasons for this. 1) Increase from the Internet of Things (IoT) 2) Increase From Andromeda botnet takedown... (>)

Botnet Controllers in the Cloud 2017-04-25 UTC
Cloud computing is popular these days. Millions of users consume computing power out of the cloud every day. Cloud computing comes with several advantages over traditional server hosting, such as scalability and quick deployment of new resources. As of January 2017, several large botnet operators appear to have discovered the benefits of cloud computing as well, and have started to... (>)

Spamhaus Botnet Summary 2016 2017-01-17 UTC
2016 was a busy year for existing and emerging cyber threats. In the past year, Spamhaus researchers issued listings for over 7,000 botnet Command & Control ("C&C") servers on more than 1,100 different networks. These C&C servers enabled and controlled online crime such as credential theft, e-banking fraud, spam and DDoS attacks. They were also used for the retrieval of stolen data. 2016 will also go down in history as the first year that security issues related to the 'Internet-of-Things' not only became mainstream, but turned into a serious enabler of ever larger attacks and a source of many future problems.... (>)

Spamhaus Botnet Summary 2014 2014-12-31 UTC
As 2014 ends, Spamhaus reviews the botnet threats that it detected in the past year, and provides facts and useful suggestions for ISPs and web hosts on the front lines of the battle against cybercrime. To nobody's surprise, botnet activity appears to be increasing. The majority of detected botnets are targeted at obtaining and exploiting banking and financial information. Botnet controllers (C&Cs) are hosted disproportionately on ISPs with understaffed abuse departments, inadequate abuse policies, or inefficient abuse detection and shutdown processes. Botnet C&C domains are registered disproportionately with registrars in locations that have lax laws or inadequate enforcement against cybercrime.... (>)

Spamhaus' DBL as a Response Policy Zone (RPZ) 2011-06-10 UTC
All too frequently electronic security breaches result from some form of social engineering trick which entices a user to visit a harmful website by providing a clickable link (URL) with a specially-registered domain which ultimately leads to the user being defrauded or their machine being infected with malware. Once infected, criminals very quickly gain complete control of that user's... (>)

© 1998-2019 The Spamhaus Project SLU. All rights reserved.
Legal  |  Privacy