The beta nature of the Threat Intel Community Portal
If you haven't noticed, the Threat Intel Community is in beta, and to be honest, it will be for some time - probably until the end of 2024. "Why?" we hear you chorus. In a nutshell, we're all learning together - it's a process of discovering what data you want...
Want to submit data? Be our guest!
For many years Spamhaus has been asked if it accepts data from third parties. The standard response has always been “Only after a detailed technical process and if certain criteria are met”. But today, that response changes to “Yes, we do”. If you want to submit malicious domains, IPs, email...
Lifting the lid on a long-time operating Brazilian malware gang
For over 8 years, our researchers have been tracking an operation that targets Brazilian internet users and is focused on stealing their banking credentials and withdrawing funds from its victims’ accounts. Here’s a potted history.
Understanding top-level domain (TLD) abuse helps illuminate and predict domain threat trends
The Domain Name System (DNS) is the backbone of the internet, enabling agile communication between internet entities. This blog post will focus on top-level domains (TLD), and how they can impact the security landscape.
Neutralizing Tofsee Spambot – Part 1 | Binary file vaccine
Our final report of 2022 goes out with a bang - Emotet is well and truly back! abuse.ch saw a 68% increase in Indicators of Compromise relating to this malware family - find more in November’s malware report.
Dissecting the new shellcode-based variant of GuLoader (CloudEyE)
One of the Spamhaus Project's malware specialists has been battling GuLoader, attempting to analyze this tricky malware. Here they share their findings and explain how you can extract URLs from GuLoader.
What does Spamhaus do?
I write this article for all of you out there who aren't deeply embedded in this industry because the people I work with are remarkable. The world should know what they are doing to quietly protect all those who say “Spamwho?” be that your grandma or the network nerd at work.
Smoke Loader malware improves after Microsoft spoils its Campaign
Early this year, in March 2018, Microsoft’s Windows Defender Research Team in Redmond published some interesting insights into a massive malware campaign distributing a dropper/loader called Smoke Loader (also known as Dofoil). The main purpose of the documented campaign was to distribute a coin miner payload that is using infected...