The anatomy of bulletproof hosting – past, present, future
Few cybercrime enablers are as crucial and notorious as bulletproof hosting. However, despite its importance, reporting is often dominated by sensationalism and tabloid-style “infotainment.” For those seeking more prosaic coverage of this topic, join a journey through the history, current state of affairs, and potential future developments in the threat landscape.
Traffic Distribution System (TDS) abuse - What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what we can do as a community to address the problem.
Bad sushi: China-nexus phishers shift to residential proxies
Earlier this year, Spamhaus researchers observed a major shift in phishing targeting Japan. Starting in April, a China-nexus threat actor began using residential proxy networks to send phishing emails instead of subnets at China Telecom and China Unicom. This blog explores the campaign’s origins and countermeasures against residential proxy-enabled spam.
Lifting the lid on a long-time operating Brazilian malware gang
For over 8 years, our researchers have been tracking an operation that targets Brazilian internet users and is focused on stealing their banking credentials and withdrawing funds from its victims’ accounts. Here’s a potted history.
Domain registries - are you experiencing the Freenom Effect?
Freenom’s doors have been firmly shut to new domain registrations for almost three months. The latest Spamhaus domain data suggests that those registries that operate TLDs at the lower end of the pricing spectrum are significantly more susceptible to abusive registrations.
Understanding top-level domain (TLD) abuse helps illuminate and predict domain threat trends
The Domain Name System (DNS) is the backbone of the internet, enabling agile communication between internet entities. This blog post will focus on top-level domains (TLD), and how they can impact the security landscape.
There's no such thing as a "free" app!
Downloading a free application and installing it on an internet-connected device can lead to you not being able to send email. This is because some apps allow third parties to access your device without your knowledge. These third parties then use your network connection for malicious purposes, causing your IP address to be listed as unsafe.
Let's talk about the danger of residential proxy networks
In our experience, residential proxies are an often overlooked security threat, one that can be very difficult to remediate for the end user who, in our experience, is entirely unaware of its existence.
XYZ discusses industry collaboration to ban bad actors
XYZ Registry explains how the lack of visibility into a bad actor's domain causes issues and provides suggestions to overcome this problem.
Getting the low-down from XYZ Registry on combating domain abuse
We've been reaching out to registries for their views and opinions on combating internet abuse for this blog post series. Recently we had an in-depth conversation with XYZ on their approach to domain abuse.
When doorbells go rogue!
Here's a story of doorbells, specific software development kits (SDKs), proxies, and miscreants using your home network to send spam.
Emotet is disrupted, but the malware it installed lives on
The successful takedown of the Emotet C2 infrastructure announced January 27th 2021 is no small accomplishment, both from a technical point of view and for the larger safety and security of the internet as a whole. However, Emotet often drops other malware which can still work even though Emotet no...
The most abused top-level domains in 2018
The team at Spamhaus observed a large 52% increase compared to 2017! Here's everything you need to know when it comes to the most abused top-level domains (TLDs) in 2018, and how to protect yourself from a worrying trend concerning decentralized TLDs (dTLDs).
Spamhaus in the news
Read how the Spamhaus Top Level Domains list continues to feature in the cyber news columns.
Increasing Spam Threat from Proxy Hijackers
Spam, now at 75% of all email traffic arriving at most ISPs' mail servers, has come mainly from two types of source: either sent directly by the spammer, or sent by the spammer through a hijacked computer (proxy). For most anti-spam systems these two sources have been relatively easy...