Bad sushi: China-nexus phishers shift to residential proxies
Earlier this year, Spamhaus researchers observed a major shift in phishing targeting Japan. Starting in April, a China-nexus threat actor began using residential proxy networks to send phishing emails instead of subnets at China Telecom and China Unicom. This blog explores the campaign’s origins and countermeasures against residential proxy-enabled spam.
Spammers Love Mobile Phone IP Space. Here’s How to Fix That.
Mobile phone companies are leaving the door wide open for spammers. They’re hurting their own customers (and the rest of the Internet) - but there’s still time to fix this.
Sex education in the classroom? Google can help, but there is a compromise!
It’s not uncommon for popular services to eventually fall victim to abuse. In this case, we explore how spammers are using Google Classroom to lure their victims (at elementary school!) to dating websites and generate revenue via affiliate programs associated with such sites.
There's no such thing as a "free" app!
Downloading a free application and installing it on an internet-connected device can lead to you not being able to send email. This is because some apps allow third parties to access your device without your knowledge. These third parties then use your network connection for malicious purposes, causing your IP address to be listed as unsafe.
Let's talk about the danger of residential proxy networks
Residential proxies are an often overlooked security threat, one that can be very difficult to remediate for the end user who, in our experience, is entirely unaware of its existence.
The holiday hack – a reminder of why you shouldn’t always trust emails
Here’s a cautionary tale for anyone and everyone who uses email. The lesson is simple: always be vigilant, especially if an email asks you to provide personal information or click on links and download files.
When doorbells go rogue!
Here's a story of doorbells, specific software development kits (SDKs), proxies, and miscreants using your home network to send spam.
Using OMI on Microsoft Azure? Here's an update you need to read
An easy-to-exploit security vulnerability that allows remote code execution (RCE) on virtual machines where Open Management Infrastructure (OMI) is installed has been observed. Users need to take action.
WordPress compromises: What's beyond the URL?
One of the many tricks in the modern cybercriminal miscreant's toolbox is using compromised websites to evade spam filters and domain reputation systems. Whether hiding a web-based exploit or just getting a free ride on the reputation of otherwise legitimate domains, using an existing domain name has multiple benefits –...
Emotet is disrupted, but the malware it installed lives on
The successful takedown of the Emotet C2 infrastructure announced January 27th 2021 is no small accomplishment, both from a technical point of view and for the larger safety and security of the internet as a whole. However, Emotet often drops other malware which can still work even though Emotet no...
Some attack vectors Spamhaus is observing in early 2021
As we gallop apace into 2021, our researchers often get asked what current trends and themes they're seeing. Compromised legitimate websites: Legitimate websites continue to be compromised in substantial numbers. We are still regularly seeing thousands and thousands of hacked WordPress sites. Once a cybercriminal has a...
WEBINAR - Domain Hijacking, April 2020
Instances of domain hijacking are on the increase, and the fallout for victims can be significant. Join ISC and Matt Sith from Spamhaus to discover how big a problem domain hijacking is and learn how to protect against it.
The Current State of Domain Hijacking, and a specific look at the ongoing issues at GoDaddy
**Domain hijacking is not a new problem, but it is one that gains strength if it is not countered effectively, and we have seen some disturbing trends in the last 6 months.** Cyber criminals are increasingly relying on legitimate and well established domains in order to carry out their maliciousness...
Botnet listings increase by 50% over the past weeks on XBL
Discover what is driving this large increase in the number of botnets we are observing currently.
Exploits Block List - Two Botnets Contribute to 50% Increase in Listings
If you’ve been monitoring the Exploits Block List (XBL) recently you will have noticed a significant increase in the number of listings. The past few weeks have seen a lift from approximately 10 million to 15 million listings. The question is why? Our botnet specialist explains…