The Spamhaus Project
BETA

Resources

Get the most from the Spamhaus Threat Intel Community Portal, with the latest news, blog posts, how-to guides and videos.

Most Recent First
Filter by date published
Add format filter
Domain Reputation Update Apr 2024 - Sept 2024

Domain Reputation Update Apr 2024 - Sept 2024

Domain Reputation
Malware
Service Providers
Report • October 10, 2024

10 DNS best practices to keep your Domain Reputation in check

Poor DNS hygiene can leave your organization vulnerable to threats like subDoMailing, DNS spoofing, domain hijacking and other threats. In addition to putting domain security at risk, these vulnerabilities can have long-term effects on domain reputation. Here are ten DNS best practices businesses can implement to protect their domains and entire business.

DNS
Domain Reputation
Best Practice • September 30, 2024

Markmonitor webinar | League Table Talk: Ranking ccTLDs on DNS Abuse

In this Markmonitor webinar, Spamhaus' Carel Bitter, joins Georgia Osborn, Senior Research Analyst at the DNS Research Federation, and Chris Niemi, Manager of Strategic Initiatives at Markmonitor, to discuss ccTLDs in the larger context of DNS Abuse.

Domain Reputation
DNS
News • September 02, 2024

A misuse of Spamhaus blocklists: PART 2 - How to limit outbound spam

If you’ve skipped the first part of this series, we strongly recommend you go and read this blog first (link below), to understand the misuse of Spamhaus blocklists to block outbound mail. However, if you provide a mail service and want to learn specifically how to limit your outbound spam, read on.

Email Security
Email Filtering
Spam
Blog • August 28, 2024

A misuse of Spamhaus blocklists: PART 1 - blocking outbound email

One issue our folks handling tickets submitted by blocked users experience are messages like: Help! My IP is listed by Spamhaus and now I can’t send emails! My provider is rejecting all my emails! You may be asking “Is this not exactly what is supposed to happen in case of a listing?”. Surprising, the answer is “No, it is not!” This is a misuse of our blocklists

DNSBL
Email Filtering
Email Security
Blog • August 21, 2024

If you query the legacy DNSBLs via GoDaddy move to Spamhaus Technology’s free Data Query Service

Currently accessing the free legacy DNS Blocklists (DNSBLs) via the Public Mirrors, and using GoDaddy's network? You'll need to make some minor changes to your email infrastructure. The changes are simple to implement, but if you fail to do so, you could find that at some point post-September 26th 2024, all or none of your email is blocked!

Email Security
DNSBL
Free Tools Data
Blog • August 15, 2024

Too big to care? - Our disappointment with Cloudflare’s anti-abuse posture

Cloudflare, best known for its content delivery network (CDN), is marketed as a “Connectivity Cloud”. Part of its offering is protecting a vast number of websites from DDoS attacks [1]. However, its attitude to abuse management and prevention proves a point of contention and we urge Cloudflare to review its anti-abuse policies.

Service Providers
Phishing
Bulletproof Hosting
Blog • July 30, 2024

Living-Off-Trusted-Sites (LOTS) or should we say services?

"Living Off-Trusted Sites (LOTS)" is not a new cybercrime tactic, but it continues to pose a significant threat. Join us as we explore the evolution of LOTS, its impact on online trust and safety, and the crucial role the community plays in disrupting the activities of those who engage in these deceptive tactics.

Service Providers
Cybercrime
Phishing
Blog • July 24, 2024

Dangling DNS and the dangers of subdomain hijacking

DNS attacks are becoming increasingly prevalent, with 90% of organizations experiencing them, as per the IDC Threat Intelligence Report 2023. Due to its critical function, DNS is a frequent target for cybercrimes, including DDOS attacks, DNS spoofing and DNS hijacking. However, a lesser-known but significant threat is the dangling DNS record - read on to learn more.

DNS
Hijacking
Spam
Blog • July 17, 2024
Botnet Threat Update January to June 2024

Botnet Threat Update January to June 2024

Botnet C C
Malware
Service Providers
Report • July 09, 2024

Amazon SES works with Spamhaus to protect its network and reputation

Maintaining a reputable network for reliable service without problems is EVERYTHING to email service provider, Amazon Simple Email Service (SES). Proactively managing millions of IPs and domains, SES is committed to delivering exceptional service and deliverability. Learn more about how SES works with Spamhaus to protect its network and reputation when at risk.

Service Providers
IP Reputation
Domain Reputation
Blog • July 05, 2024

ESPs: Why IP and Domain Reputation Matter and How to Manage Them

Maintaining a positive IP and domain reputation is essential for email service providers (ESPs) aiming to offer a successful email sending service. In this blog, we will explore the key principles and best practices that ESPs should follow to effectively manage and enhance their IP and domain reputation, ultimately driving customer success and business growth.

Service Providers
IP Reputation
Domain Reputation
Blog • May 29, 2024

Manage IP & domain reputation wisely - they're valuable assets!

Trust. That’s a word with huge connotations. The Oxford Languages defines it as: believe in the reliability, truth, or ability of. But how can you believe in the reliability, truth or ability of an IP address or domain? In our world it boils down to reputation.

IP Reputation
Domain Reputation
Brand Reputation
Blog • May 15, 2024

Expired and exploited: Reviving a 30-year-old legacy domain for hijacking

Due to the current shortage of IPv4 addresses, any legacy IP block, regardless of its size, including Autonomous System (AS) networks, is at risk of being hijacked and misused for identity theft or other malicious activities. Here are the findings of Spamhaus' investigation into Fiberlinkcc.com, a legacy domain used to provide connectivity to hijacked IP blocks.

Hijacking
Network Security
IP Reputation
Blog • May 10, 2024

C-O-N-S-E-N-T, find out what it means to me!

With her unique style of wisdom, wit, and authenticity, Alison Gootee is a pro at challenging you to think differently about fundamental deliverability issues. Recently, we asked Alison to share her thoughts on consent, an issue close to Spamhaus. Guess what? She said, "yes!" So, sit back, grab a cup of coffee, and read on to find out what consent means to her.

Deliverability
IP Reputation
Domain Reputation
Blog • May 01, 2024

Spammers Love Mobile Phone IP Space. Here’s How to Fix That.

Mobile phone companies are leaving the door wide open for spammers. They’re hurting their own customers (and the rest of the Internet) - but there’s still time to fix this.

Compromised
Service Providers
Malware
Blog • April 19, 2024

If you query the legacy DNSBLs via Vultr move to Spamhaus Technology’s free Data Query Service

If you are currently accessing the free legacy DNS Blocklists (DNSBLs) via the Public Mirrors, and you’re using Vultr infrastructure - you'll need to make some minor changes to your email infrastructure. The changes are easy to implement, but if you fail to do so, you could find that at some point post-May 22nd 2024, all or none of your email is blocked!

Email Security
DNSBL
Free Tools Data
Blog • April 18, 2024

Sex education in the classroom? Google can help, but there is a compromise!

It’s not uncommon for popular services to eventually fall victim to abuse. In this case, we explore how spammers are using Google Classroom to lure their victims (at elementary school!) to dating websites and generate revenue via affiliate programs associated with such sites.

Service Providers
Investigations
Compromised
Blog • April 16, 2024
Domain Reputation Update Oct 2023 - Mar 2024

Domain Reputation Update Oct 2023 - Mar 2024

Domain Reputation
Threat Intelligence
Malware
Report • April 11, 2024

Between input and output: The enigma of being a Spamhaus threat investigator

Spamhaus processes millions of IPs and domains every day. Given the vast amount of incoming data, automation is a necessity. But is technology alone enough? Let’s find out. Meet one of our researchers, Jonas Arnold, as he sheds light on the threat investigators' role in Spamhaus and the fight against Internet abuse.

Investigations
Threat Hunting
Spamhaus
Blog • April 03, 2024

Beyond spam: How Spamhaus is strengthening trust and safety for the Internet

At its core, the Spamhaus Project has a deep-seated desire to increase trust and safety on the Internet—a passion to protect and make the Internet a safer place. That sounds a little too virtuous, doesn't it? Let's look at what those phrases really mean in the context of Spamhaus and how it's striving to make this happen.

Trust And Safety
Threat Intelligence
Free Tools Data
Blog • March 21, 2024

Registration, collaboration and disruption - an interview with Dave Piscitello (Part 2)

In part one, Dave Piscitello, Partner at Interisle Consulting Group LLC discussed several key findings of the Interisle Cybercrime Supply Chain study 2023. Now, let’s explore the role of registries, registrars and other organizations that can affect change in the cybercrime supply chain.

Cybercrime
Domain Reputation
Service Providers
Blog • March 07, 2024

Trends, policy and cheap TLDs - an interview with Dave Piscitello (Part 1)

Cybercrime supply chains are central to today’s intricate web of cyber threats. Without them, malicious actors wouldn’t have access to the tools, resources, and expertise necessary to execute their attacks. In October 2023, Interisle Consulting Group LLC conducted a study that sheds light on the supply chains used by cybercriminals. Learn more about the findings here.

Cybercrime
Domain Reputation
Service Providers
Blog • March 06, 2024

A website to effect change

We're thrilled to share our brand-new Spamhaus Project website with you! It was high time for an overhaul, but now we have a website that reflects who and what Spamhaus is today. The new site offers a wealth of education, support, and free data to the community covering topics such as IP and domain reputation, malware, DNS Blocklists, threat intelligence, service providers, and more.

IP Reputation
Malware
Domain Reputation
News • February 29, 2024

Part 2 – Effective strategies against inbound malicious email: using your own data

Having looked at best practices for utilizing blocklists in the first part of this series, let’s explore the value of maximizing your own data to protect your network from malicious inbound emails. After all, your email infrastructure contains data that may only occur on your specific network.

Email Security
Network Security
Brand Reputation
Best Practice • February 15, 2024
Malware Digest January 2024

Malware Digest January 2024

Malware
Threat Intelligence
Report • February 15, 2024

Spamhaus Blocklist (SBL) listings are moving

Any abuse desk worker or Trust and Safety team member who has received a Spamhaus Blocklist (SBL) email notification, can view the full details of the listing on www.spamhaus.org. However, change is coming soon. Please read on, otherwise, you may think you've been phished, when the URL in one of these notifications is different and directs you to a different place!

DNSBL
Delisting
Free Tools Data
News • February 16, 2024
Botnet Threat Update Q4 2023

Botnet Threat Update Q4 2023

Botnet C C
Threat Intelligence
Malware
Report • January 11, 2024
Malware Digest December 2023

Malware Digest December 2023

Malware
Threat Intelligence
Report • January 09, 2024
Malware Digest November 2023

Malware Digest November 2023

Malware
Threat Intelligence
Report • December 05, 2023

How to encode data before making a submission via the API

When sharing data via the API, some users are experiencing issues encoding data. Where an email text attachment is included (likely to include strange characters), JSON is not always encoded correctly. To help we have provided step-by-step guidance on how to send RAW email source code using a BASH or PHP script.

Guide • November 30, 2023
How to submit suspicious activity or threats

How to submit suspicious activity or threats

Video • November 14, 2023
Malware Digest October 2023

Malware Digest October 2023

Malware
Threat Intelligence
Report • November 03, 2023

The beta nature of the Threat Intel Community Portal

If you haven't noticed, the Threat Intel Community is in beta, and to be honest, it will be for some time - probably until the end of 2024. "Why?" we hear you chorus. In a nutshell, we're all learning together - it's a process of discovering what data you want...

Threat Hunting
Threat Intelligence
News • November 01, 2023
Domain Reputation Update Q3 2023

Domain Reputation Update Q3 2023

Domain Reputation
Threat Intelligence
Malware
Report • October 16, 2023
Malware Digest September 2023

Malware Digest September 2023

Malware
Threat Intelligence
Report • October 06, 2023

Want to submit data? Be our guest!

For many years Spamhaus has been asked if it accepts data from third parties. The standard response has always been “Only after a detailed technical process and if certain criteria is met". But today, that response changes to “Yes, we do”. If you want to submit malicious domains, IPs, email...

Threat Hunting
Threat Intelligence
News • October 05, 2023
Botnet Threat Update Q3 2023

Botnet Threat Update Q3 2023

Botnet C C
Threat Intelligence
Malware
Report • October 05, 2023

The return of the ASN-DROP

Further to requests from the community we've reinvigorated the ASN-DROP. With a new algorithm, ASN-DROP is now available in JSON format, listing Autonomous System Numbers (ASNs) associated with the worst of the worst behavior. These are ASNs that our researchers wouldn’t recommend engaging with and are highly likely to announce...

DNSBL
Hijacking
Network Security
Blog • September 13, 2023

How to successfully access your email source code

Learn how to access email source code using different email clients and the type of information you can find to help identify malicious emails associated with spam and phishing attempts.

Guide • September 12, 2023
Malware Digest August 2023

Malware Digest August 2023

Malware
Threat Intelligence
Report • September 06, 2023

Qakbot - the takedown and the remediation

Writing "Qakbot" and "takedown" in the same sentence is quite something. Usually, Spamhaus is bemoaning the ever-growing numbers of compromised IPs associated with this malware. But, on Tuesday, August 29th, 2023, the Federal Bureau of Investigation (FBI) announced that it coordinated an international group...

Malware
Threat Intelligence
Botnet C C
News • August 29, 2023

What will happen with my submission?

At Spamhaus, we value every piece of data shared with us. Currently, we (and our algorithms) are learning from your submissions. Through manual reviews and automatic reprocessing, we're discovering how best we can feedback on your data.

Blog • August 10, 2023

Who is the Threat Intel Community for?

We firmly believe it’s vital for the safety of the internet to share malicious activity. You may be someone who isn’t hugely technical but wants to report a single spam email that you’ve received. Alternatively, you may want to increase the reach of your current threat-researching activities. Either way, there's a place to share…

Blog • August 09, 2023

What benefits does creating an account provide?

If you are going to make regular contributions, we recommend you create an account, which takes minutes (if that). Having account-based access provides you with a number of benefits...

Blog • August 09, 2023

Why submit?

Everyone who interacts digitally, i.e., uses the internet, has a role in making it a safer place. We all witness malicious behavior to some extent or another. Spamhaus is creating a platform for sharing intelligence relating to this activity because, ultimately, sharing is caring!

News • August 09, 2023
Malware Digest July 2023

Malware Digest July 2023

Malware
Threat Intelligence
Report • August 04, 2023

DNS abuse: ICANN call for action – but is it enough?

ICANN's proposed amendments to registry and registrar contracts (RARAA), tackle DNS abuse head on, a positive step in the fight against internet abuse and cybercrime. But, are they enough? Read our thoughts here.

Service Providers
Spam
DNS
Blog • July 25, 2023
Domain Reputation Update Q2 2023

Domain Reputation Update Q2 2023

Domain Reputation
Threat Intelligence
Malware
Report • July 18, 2023
Botnet Threat Update Q2 2023

Botnet Threat Update Q2 2023

Botnet C C
Threat Intelligence
Malware
Report • July 11, 2023
Malware Digest June 2023

Malware Digest June 2023

Malware
Threat Intelligence
Report • July 06, 2023

Lifting the lid on a long-time operating Brazilian malware gang

For over 8 years, our researchers have been tracking an operation that targets Brazilian internet users, and is focused on stealing their banking credentials, withdrawing funds from its victim’s accounts. Here’s a potted history.

Malware
Threat Intelligence
Threat Hunting
Blog • May 06, 2023
Domain Reputation Update Q1 2023

Domain Reputation Update Q1 2023

Domain Reputation
Threat Intelligence
Malware
Report • April 14, 2023
Botnet Threat Update Q1 2023

Botnet Threat Update Q1 2023

Botnet C C
Threat Intelligence
Malware
Report • April 12, 2023
Malware Digest March 2023

Malware Digest March 2023

Malware
Threat Intelligence
Report • April 06, 2023

Neutralizing Tofsee Spambot – Part 3 | Network-based kill switch

In part three, we focus on using a network kill switch - causing an out-of-bounds read error, leading to Tofsee crashing.

Malware
Threat Hunting
Threat Intelligence
How To • April 06, 2023

Neutralizing Tofsee Spambot - Part 2 | InMemoryConfig store vaccine

In part two, learn about a second malware vaccine our team has produced, focused on polluting Tofsee's internal configuration store.

Malware
Threat Hunting
Threat Intelligence
How To • April 06, 2023

Understanding top-level domain (TLD) abuse helps illuminate and predict domain threat trends

The Domain Name System (DNS) is the backbone of the internet, enabling agile communication between internet entities. This blog post will focus on top-level domains (TLD), and how they can impact the security landscape.

Domain Reputation
Abused
DNS
Blog • March 23, 2023
Malware Digest February 2023

Malware Digest February 2023

Malware
Threat Intelligence
Report • March 03, 2023
Malware Digest January 2023

Malware Digest January 2023

Malware
Threat Intelligence
Report • February 03, 2023

A surge of malvertising across Google Ads is distributing dangerous malware

Recently, researchers have witnessed a massive spike affecting famous brands, with multiple malware being utilized. This is not “the norm.” Here’s what researchers are observing and a theory on this tsunami of abuse.

Malware
Phishing
Threat Intelligence
News • February 02, 2023
Annual Domain Reputation Report 2022

Annual Domain Reputation Report 2022

Domain Reputation
Threat Intelligence
Malware
Report • January 19, 2023
Domain Reputation Update Q4 2022

Domain Reputation Update Q4 2022

Domain Reputation
Threat Intelligence
Malware
Report • January 17, 2023
Botnet Threat Update, Q4 2022

Botnet Threat Update, Q4 2022

Botnet C C
Threat Intelligence
Malware
Report • January 12, 2023
Annual Botnet Threat Update 2022

Annual Botnet Threat Update 2022

Botnet C C
Threat Intelligence
Malware
Report • January 10, 2023
Malware Digest December 2022

Malware Digest December 2022

Malware
Threat Intelligence
Report • January 05, 2023

There's no such thing as a "free" app!

Downloading a free application and installing it on an internet-connected device can lead to you not being able to send email. This is because some apps allow third parties to access your device without your knowledge. These third parties then use your network connection for malicious purposes, causing your IP address to be listed as unsafe.

IP Reputation
Compromised
Abused
Blog • December 15, 2022
Malware Digest November 2022

Malware Digest November 2022

Malware
Threat Intelligence
Report • December 08, 2022

Neutralizing Tofsee Spambot – Part 1 | Binary file vaccine

The Spamhaus Malware Researchers have been busy in their lairs, reverse engineering Tofsee malware to provide you with the code required for two malware vaccines and a network-based kill switch. A hat trick of protection against this spambot! This is the first in this three-part series, and looks at how to inject a malware vaccine into the binary file.

Malware
Threat Hunting
Threat Intelligence
How To • December 07, 2022
Malware Digest October 2022

Malware Digest October 2022

Malware
Threat Intelligence
Report • November 04, 2022
Domain Reputation Update Q3 2022

Domain Reputation Update Q3 2022

Domain Reputation
Threat Intelligence
Malware
Report • October 20, 2022
Botnet Threat Update Q3 2022

Botnet Threat Update Q3 2022

Botnet C C
Threat Intelligence
Malware
Report • October 13, 2022

Dissecting the new shellcode-based variant of GuLoader (CloudEyE)

One of the Spamhaus Project's malware specialists has been battling GuLoader, attempting to analyze this tricky malware. Here they share their findings and explain how you can extract URLs from GuLoader.

Malware
Threat Hunting
IOC
How To • October 12, 2022
Malware Digest September 2022

Malware Digest September 2022

Malware
Threat Intelligence
Report • October 06, 2022
Malware Digest August 2022

Malware Digest August 2022

Malware
Threat Intelligence
Report • September 09, 2022

Introducing Spamhaus’ Quarterly Domain Reputation Update: what’s it all about? - Spamhaus Technology

In July 2022, we launch a brand new quarterly report - Spamhaus’ Quarterly Domain Reputation Update. Read this blog to discover why we've created it, the data it's based on, and what you can find in the full report.

Domain Reputation
Threat Intelligence
Malware
News • July 19, 2022
Domain Reputation Update Q2 2022

Domain Reputation Update Q2 2022

Domain Reputation
Threat Intelligence
Malware
Report • July 19, 2022
Botnet Threat Update Q2 2022

Botnet Threat Update Q2 2022

Botnet C C
Threat Intelligence
Malware
Report • July 19, 2022

The holiday hack – a reminder of why you shouldn’t always trust emails

Here’s a cautionary tale to anyone and everyone who uses email. The learning is simple: Always be vigilant, especially if its content asks you to provide personal information or click on links and download files.

Email Security
Fraud
Phishing
Blog • April 28, 2022
Botnet Threat Update Q1 2022

Botnet Threat Update Q1 2022

Botnet C C
Threat Intelligence
Malware
Report • April 20, 2022

Can you .bank on this registry for security?

Here, fTLD, the registry for .bank and .insurance top-level domains (TLDs), provides their view of how a TLD can make it simple for users to trust their interactions with websites.

Service Providers
Domain Reputation
Brand Reputation
Blog • March 23, 2022

How to avoid looking like a spammer when sending marketing emails

Here are a few key elements to abide by to ensure an ISP or blocklist provider doesn't view your marketing emails as malicious.

Deliverability
Spam
Best Practice • February 15, 2022
Botnet Threat Update Q4 2021

Botnet Threat Update Q4 2021

Botnet C C
Threat Intelligence
Malware
Report • January 20, 2022

We hope you keep ".sbs" clean, ShortDot

When a new top-level domain (TLD) is starting out, we understand that it needs to find its way to being commercially viable. But registries need to walk a fine line between profit and managing abuse on their TLD.

Service Providers
Domain Reputation
Blog • November 19, 2021

When doorbells go rogue!

Here's a story of doorbells, specific software development kits (SDKs), proxies, and miscreants using your home network to send spam.

Compromised
Abused
Spam
Blog • October 19, 2021
Botnet Threat Update Q3 2021

Botnet Threat Update Q3 2021

Botnet C C
Threat Intelligence
Malware
Report • October 14, 2021

Using OMI on Microsoft Azure? Here's an update you need to read

An easy-to-exploit security vulnerability that allows remote code execution (RCE) on virtual machines where Open Management Infrastructure (OMI) is installed has been observed. Users need to take action.

Threat Intelligence
Compromised
Malware
News • September 28, 2021

Spammer Abuse of Free Google Services

Over the past year, Spamhaus has noticed a surge in spam that abuses free resources belonging to Google. This is becoming a serious concern, because a significant and growing amount of that spam is avoiding use of IP addresses and domains belonging to spammers....

Service Providers
IP Reputation
Threat Intelligence
News • September 23, 2021
Botnet Threat Update Q2 2021

Botnet Threat Update Q2 2021

Botnet C C
Threat Intelligence
Malware
Report • July 13, 2021

Emotet Email Aftermath

At the end of January 2021, Europol announced that a coordinated group of international authorities had taken control of the Emotet botnet infrastructure. Prior to this takedown, Emotet had spread itself using previously compromised email addresses to send tens of thousands of messages with malware-laden attachments using a technique called...

Malware
Hijacking
Botnet C C
News • June 23, 2021

Wordpress compromises: What's beyond the URL?

One of the many tricks in the modern cybercriminal miscreant's toolbox is using compromised websites to evade spam filters and domain reputation systems. Whether hiding a web-based exploit or just getting a free ride on the reputation of otherwise legitimate domains, using an existing domain name has multiple benefits –...

Compromised
Website Security
Domain Reputation
Blog • May 27, 2021
Botnet Threat Update Q1 2021

Botnet Threat Update Q1 2021

Botnet C C
Threat Intelligence
Malware
Report • April 15, 2021

Emotet is disrupted, but the malware it installed lives on

The successful takedown of the Emotet C2 infrastructure announced January 27th 2021 is no small accomplishment, both from a technical point of view and for the larger safety and security of the internet as a whole. However, Emotet often drops other malware which can still work even though Emotet no...

Malware
Botnet C C
Compromised
News • January 29, 2021

Emotet infrastructure disrupted after coordinated action

On Tuesday, Jan 27, 2021, Europol announced that a coordinated group of international authorities has taken control of the Emotet infrastructure. We congratulate the authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine, who collaborated to disrupt...

Malware
Threat Intelligence
Network Security
News • January 29, 2021

Suspicious network resurrections

***UPDATE** Dec 1st 2020: A big thank you to Telia Carrier, Hurricane Electric and GTT for taking swift and positive action in shutting down the related announcements.* We believe there is a serious issue relating to the equivalent of 56 “/20” networks, with a corresponding 230k IPv4 addresses. The total...

Threat Intelligence
BGP
Service Providers
News • November 25, 2020
Botnet Threat Update: Q2 2020

Botnet Threat Update: Q2 2020

Botnet C C
Threat Intelligence
Malware
Report • July 30, 2020

Tracking Qbot

Qbot (aka Quakbot or Qakbot), is a piece of malware originally designed to enable bad actors to conduct financial fraud. This was done by intercepting traffic to the online banking systems of various banking institutions. Lately, it has been updated with worm-like features to help it...

Malware
Threat Intelligence
Email Security
Blog • July 16, 2020
Botnet Threat Update Q1 2020

Botnet Threat Update Q1 2020

Botnet C C
Threat Intelligence
Malware
Report • April 21, 2020

The Current State of Domain Hijacking, and a specific look at the ongoing issues at GoDaddy

**Domain hijacking is not a new problem, but it is one that gains strength if it is not countered effectively, and we have seen some disturbing trends in the last 6 months.** Cyber criminals are increasingly relying on legitimate and well established domains in order to carry out their maliciousness...

Domain Reputation
Threat Intelligence
Hijacking
News • April 17, 2020

Weaponizing Domain Names: how bulk registration aids global spam campaigns

In 2019, Dave led research with the Interisle Consulting Group investigating criminal domain name abuse, focused on bulk registrations. These findings emphasized the need for more stringent measures to be put in place within...

Domain Reputation
Service Providers
Threat Intelligence
News • March 31, 2020
Botnet Threat Update 2019

Botnet Threat Update 2019

Botnet C C
Threat Intelligence
Malware
Report • January 28, 2020

Estimating Emotet’s size and reach

As many of you will be aware, Emotet, one of the most dangerous botnets in operation, restarted its malicious activity on 16th September 2019. Since its resurgence, Spamhaus Malware Labs has been closely monitoring and studying Emotet’s activity. Here’s what we’ve uncovered...

Malware
Threat Intelligence
Email Security
Blog • December 12, 2019
Botnet Threat Update Q3 2019

Botnet Threat Update Q3 2019

Botnet C C
Threat Intelligence
Malware
Report • October 11, 2019
Botnet Threat Update Q2 2019

Botnet Threat Update Q2 2019

Botnet C C
Threat Intelligence
Malware
Report • July 15, 2019
Botnet Threat Update Q1 2019

Botnet Threat Update Q1 2019

Botnet C C
Threat Intelligence
Malware
Report • April 25, 2019

Emotet adds a further layer of camouflage

Most professionals within enterprise security have come across *‘Emotet'*. As its history illustrates, the criminals behind Emotet malware are cunning and quick to maximize its ‘potential.' From a basic banking Trojan to a threat distribution service, it is constantly being re-invented. This ‘constant malware improvement’ isn’t showing any sign of...

Malware
Threat Intelligence
Network Security
Blog • March 27, 2019

How to Halt the Hijackers

If you’ve read Network hijacking - the low down, you’ll be fully versed in the varied ways cybercriminals can hijack your network. In this article, we’ll be explaining how to protect against this happening to you, along with a high-level overview as to what you can do if your Internet...

Hijacking
IP Reputation
Network Security
How To • March 06, 2019

Botnet command & control domain registrations go through the roof in 2018

When Spamhaus Malware Labs observe a 40% increase in the number of domains that are being registered by cybercriminals to host a botnet command & control (C&C) it's time to understand where the threats are coming from in the top-level domains (TLDs) space and learn how you can protect against them.

Botnet C C
Domain Reputation
Service Providers
Blog • February 22, 2019

Botnet command & control malware - the highs and lows of 2018 - Spamhaus Technology

The team at Spamhaus Malware Labs detected and blocked a record number of botnet command & control (C&C). Over 10,000 in fact. Here's what was driving the increase.

Malware
Threat Intelligence
Blog • February 12, 2019
Botnet Threat Update 2018

Botnet Threat Update 2018

Botnet C C
Threat Intelligence
Malware
Report • January 28, 2019

Network hijacking - the low down

Network hijacking involves the announcing or re-routing of Internet protocol (IP) addresses without authorization from the owner of those addresses. When hijacking is done intentionally, it is usually for some type of nefarious or illegal purpose and the consequences can be far reaching for organizations whose networks are hijacked. There...

Hijacking
BGP
Network Security
Blog • January 08, 2019

A Domain-Specific Lesson from the Marriott Incident

The headlines have come thick and fast over the past few weeks in relation to the ‘Marriott Hack’. We all know the story: 500 million guest reservations from its Starwood database have been stolen. There are numerous lessons to be learned in regards to responding to this kind of incident,...

Domain Reputation
Email Security
Deliverability
News • December 12, 2018

Exploits Block List - Two Botnets Contribute to 50% Increase in Listings

If you’ve been monitoring the Exploits Block List (XBL) recently you will have noticed a significant increase in the number of listings. The past few weeks have seen a lift from approximately 10 million to 15 million listings. The question is why? Our botnet specialist explains…

DNSBL
Compromised
IP Reputation
News • October 26, 2018

How has GDPR affected Spam?

The real answer is that it is far too early to tell. Various articles currently state that "nothing has happened" as a result of GDPR or "spam has fallen slightly"; however, the true effects of GDPR providing...

Email Security
Spam
Domain Reputation
Blog • September 08, 2018

Spamhaus in the news

Read how Spamhaus Top Level Domains list continues to feature in the cyber news columns

Domain Reputation
Abused
News • July 03, 2018

Smoke Loader malware improves after Microsoft spoils its Campaign

Early this year, in March 2018, Microsoft’ Windows Defender Research Team in Redmond published some interesting insights into a massive malware campaign distributing a dropper/loader called Smoke Loader (also known as Dofoil). The main purpose of the documented campaign was to distribute a coin miner payload that is using infected...

Malware
Threat Intelligence
Threat Hunting
News • April 16, 2018
Spamhaus Botnet Threat Report 2017

Spamhaus Botnet Threat Report 2017

Botnet C C
Threat Intelligence
Malware
Report • January 08, 2018

PandaZeuS’s Christmas Gift: Change in the Encryption scheme

Spamhaus Malware Labs - Spamhaus's malware research unit - recently observed a wave of new PandaZeuS malware samples being distributed during the Christmas season. PandaZeuS, also known as Panda Banker, is an ebanking Trojan that evolved from the notorious ZeuS trojan and is being used by different threat actors to...

Malware
Threat Intelligence
IOC
Blog • December 28, 2017

Did anyone recently notice that the Spamhaus XBL just got really big?

Yes, the XBL grew by over 50%! Over the past three weeks, some of our users have noticed that the XBL (CBL) database has grown substantially in size. There are two major reasons for this. 1) Increase from the Internet of Things (IoT) There has been a substantial increase...

DNSBL
Malware
News • December 19, 2017

French government provides spam lists

The government of France provides lists of email addresses to French political candidates for them to use when sending campaign emails. Unfortunately these lists have many spamtrap addresses on them. Our spamtrap email addresses cannot have been legitimately subscribed to this list, and most assuredly do not belong to French...

Spam
Deliverability
Service Providers
News • May 30, 2017

Botnet Controllers in the Cloud

Cloud computing is popular these days. Millions of users consume computing power out of the cloud every day. Cloud computing comes with several advantages over traditional server hosting, such as scalability and quick deployment of new resources. As of January 2017, several large botnet operators appear to have discovered the...

Botnet C C
Service Providers
Malware
News • April 25, 2017
Spamhaus Botnet Summary 2016

Spamhaus Botnet Summary 2016

Botnet C C
Threat Intelligence
Malware
Report • January 17, 2017

Network Hijacking on the Rise

As we discussed in a previous article, allocations of IP addresses (IPv4 addresses) are getting hard to come by, especially for spammers. Because the IP addresses they use quickly get a bad reputation as sources of spam, spammers constantly need fresh IPs that are not yet "burned". To get around...

Hijacking
IP Reputation
Service Providers
Blog • September 26, 2016

More Domain Stats: The 10 Most Abused Registrars

Filling in The Spamhaus Project's domain panorama in our "Top-10 Worst" pages, we have added a page for The 10 Most Abused Domain Registrars. It breaks out by registrar the ratio of bad domains versus total domains as seen by our systems in the course of a rolling two-week window....

Service Providers
Domain Reputation
News • May 17, 2016

Spamhaus Presents: The World's Worst Top Level Domains

The Spamhaus Project has added a new list to its Top-10 Worst pages, this time for Top Level Domains (TLDs). This domain data is designed to complement the recent additions to our IP address data announced in a previous news blog. One must note that this list does not provide...

Domain Reputation
Service Providers
News • February 25, 2016

Verizon Routing Millions of IP Addresses for Cybercrime Gangs

Over the past few years, spammers have sought out large ranges of IP addresses. By spreading out their sending patterns across a wide range of IP addresses, they can attempt to defeat spam filters and get spam and malware emails delivered where they are not wanted. However, IPv4 addresses are...

Service Providers
Hijacking
IP Reputation
News • February 01, 2016

Brazilian internet users suffer SoftLayer's security fail

In the summer of 2015, the number of SBL listings involving SoftLayer Technologies (an IBM company) increased rapidly, bringing Softlayer to the #1 spot on the Spamhaus Top 10 list of most problematic ISPs. This attracted a great deal of attention, because Softlayer has traditionally been a responsible ISP, and...

Malware
Threat Intelligence
Service Providers
News • October 01, 2015

Network under attack? You might be surprised where that's coming from!

About a month ago the Spamhaus Project added several new lists to its *Top-10 Worst* pages. These are in addition to our existing Top-10 lists: Worst spammers, spammer hosting nations and spammer hosting Internet Service Providers (ISPs). Every second of every hour of every day Spamhaus collects a vast quantity...

Threat Intelligence
News • September 21, 2015

Ongoing abuse problems at Nic.at and DENIC

Some of you may remember Spamhaus' dispute with Nic.at (the registry of .at ccTLD - "country code Top Level Domain") back in 2007. At that time, we saw a massive amount of the "Rock Phish" gang's phishing domain names being registered within .at for the exclusive purpose of hosting phishing...

Domain Reputation
IP Reputation
Malware
News • August 19, 2015

A Survival Guide for the Small Mail Server

Nowadays many companies and organizations (non-profits, units of governmental and educational institutions, etc) believe that running their own mail servers has become an impossible task, due both to the large amount of inbound spam and to the continuous attempts by spammers to send outbound spam...

Email Security
IP Reputation
Domain Reputation
Best Practice • March 19, 2015

In memory of Ellen

On the evening of Wednesday, 18th February 2015, The Spamhaus Project lost a long-time friend and member of its team. A spam fighter from deep in the trenches, Ellen R. was known to many in this community for her earlier role at SpamCop. Fewer knew of her contributions at Spamhaus:...

Other
News • February 20, 2015
Spamhaus Botnet Summary 2014

Spamhaus Botnet Summary 2014

Botnet C C
Threat Intelligence
Malware
Report • December 31, 2014

Stop spammers from exploiting your webserver!

For many years, speaking of "botnet spam" mainly meant speaking about compromised Windows systems. However, in the last few years this assumption is no longer entirely true. Looking at the number of distinct sources, the vast majority of emitters are still about the same as before, but looking at volumes...

Compromised
Domain Reputation
Website Security
Best Practice • December 15, 2014

Second arrest in response to DDoS attack on Spamhaus

The Spamhaus Project again offers congratulations and thanks to the law enforcement community in the matter of the massive Distributed Denial of Service (DDoS) attack perpetrated against our systems in March 2013 by a Russian-based anti-Spamhaus group...

D Do S
News • July 07, 2014

New IPv6 CIDR searching tools released: grepcidrs

Moving into IPv6 presents many, many challenges. Among the myriad tasks which are required in that transition, many IT admins and techs will find the need to search and filter IPv4 and IPv6 addresses matching CIDR patterns in data related to both those IP addressing systems. The standard tool for...

IP Reputation
News • June 20, 2014

Summer Break arrives early for Malware & Botnet Gang

After over 3-years of non-stop work stealing millions from people and companies on the internet, the cybercriminals behind the thefts will have some free time on their hands. Last week a group of Internet security organizations including the Spamhaus Project, several IT security companies, and the cybercrime departments of ten...

Malware
News • June 05, 2014

Resilans Incident Report

Report regarding the SBL listings of spam operations on Resilans AB (resilans.se). Spammer IP address space at Resilans: Spamhaus became aware of Resilans AB leasing netblocks to spam operations in August 2013. We listed those ranges and notified Resilans. Despite notification, the ranges they allocated in August were...

Spam
Service Providers
DNSBL
News • March 04, 2014

ICANN SSAC on DDoS, DNS and BCP 38

ICANN's Security and Stability Advisory Committee (SSAC) document Advisory on DDoS Attacks Leveraging DNS Infrastructure, published this week, provides a much-needed touchstone for the Internet in its current state. DDoS attacks, such as the one directed at Spamhaus last spring, continue to grow in size. Their magnitude poses a threat...

Legislation
D Do S
News • February 26, 2014

The return of the open relays

Around 1997, a company named Cyber Promotions (a/k/a Cyberpromo) was the first to start spamming Internet users on a massive scale. Cyberpromo first did this from their own mail servers, relying on their ISP's unwillingness to disconnect them. Within a short time, however, system administrators...

Email Security
Threat Intelligence
Spam
News • December 02, 2013

The DMA kicks spam up a notch

Spamming is always bad, but it is just plain foolish to spam addresses at spamhaus.org. While Spamhaus SBL listings are based on much wider views of spam than our own mailboxes, our mailboxes can tell us what we should look for. So when over the weekend the...

Spam
Deliverability
News • October 27, 2013

An arrest in response to March DDoS attacks on Spamhaus

The Spamhaus Project offers congratulations and its sincere thanks to the Dutch Public Prosecution Service (OM, the Dutch National High Tech Crime Unit (NHTCU) of the Dutch Police Services Agency (KLPD), the Spanish National Police (Catalonia branch in collaboration with the Central UDEF), and any and all other entities involved...

D Do S
News • April 26, 2013

Fake 'Spamhaus' MoneyPak Ransomware 'Blocked PC' Virus

A number of Internet users are reporting a fresh version of a ransomware virus circulated by cyber criminals which exploits the name and image of Spamhaus to trick computer users into paying fake fines using MoneyPak. Computer users should know that no authorities or organizations (including Spamhaus) use screen blocking...

Ransomware
Threat Intelligence
Network Security
News • April 16, 2013

Answers about recent DDoS attack on Spamhaus

At this time The Spamhaus Project is getting more press enquiries than we can personally respond to. Below is a list with the most frequently asked questions, along with our answers. If you are in need of any additional information please do not hesitate to contact us but we cannot...

D Do S
Network Security
News • March 28, 2013

Cooperative Efforts To Shut Down Virut Botnet

During the past few weeks, Spamhaus has worked hard to shut down a botnet called "Virut". Virut take down: Virut is a worm that spreads through removable drives such as USB sticks and network shares, but it also has file infection capabilities it uses to spread itself. Virut was first...

Malware
Service Providers
Domain Reputation
News • January 19, 2013

Spam botnets: The fall of Grum and the rise of Festi

In July 2012, FireEye in cooperation with other security organisations, such as Spamhaus, took down the Grum botnet. At that time Grum was the third largest spam-sending botnet. The event gained considerable media attention. Spamhaus worked on the takedown of the botnet by contacting...

Service Providers
Botnet C C
Malware
Blog • August 16, 2012

Spamhaus joins World IPv6 Launch day with IPv6 enabled DNSBL mirrors

On 6 June 2012 many major internet service providers (ISPs), home networking equipment manufacturers, and web companies around the world are uniting to redefine the global Internet and permanently enable IPv6 for their products and services. The Spamhaus Project endorses actions such as these to push forward the growth...

Service Providers
News • June 06, 2012

Snake oil spamming chiropractor gets cracked

Long time ROKSO-listed spammer Brian "Dr. HGH" McDaid is finally going to pay for his crimes. This week, in a Philadelphia court, US federal court Judge Stewart R. Dalzell sentenced McDaid to two years in prison and a year of probation. McDaid and his "Sili Neutraceuticals" were a real pain...

Spam
News • May 03, 2012

Russian registrar NAUNET knowingly harbours Cybercriminals

In November 2011, new terms and conditions (T&C's) for registering .ru domains were put out by the Coordination Center for the Top Level Domain RU (cctld.ru). The following paragraphs of the new T&C are important to Spamhaus' mission to fight against spam and cybercrime...

Service Providers
Domain Reputation
Botnet C C
News • March 22, 2012

Ghost Click/DNSChanger: Could ISPs have stopped it?

After the November 9, 2011 successful law-enforcement dismantling of a huge cybercrime network in an operation dubbed 'Ghost Click', questions were raised as to what Internet Service Providers (ISPs) could have been doing to protect their users, and the internet, from this botnet. So, could an ISP...

Service Providers
Malware
DNS
News • November 15, 2011

Targeting Rove Digital: Operation Ghost Click

On November 9, 2011 the FBI announced the successful dismantling of a huge cybercrime network in an operation dubbed 'Ghost Click'. The target of this joint US and Estonian law enforcement operation is the ROKSO listed gang Rove Digital]. Rove Digital ran a sophisticated operation in which malware changed the...

Malware
DNS
Threat Intelligence
News • November 09, 2011

Who's Really Paying Cybercriminals?

This week sees the arrival of LondonCyber, a conference organised by the British Government's Foreign Office and reported to have been so thoroughly stage-managed that the media have been carefully kettled away in a special media centre to ensure they are not allowed to directly interact with any of the...

Legislation
Blog • November 01, 2011

Dutch ISP Attempts False Police Report

If The Netherlands has penalties for filing false reports and wasting police time, Dutch ISP 'A2B Internet' will be looking at a hefty fine. The owner of the small Dutch transit ISP claimed on Tuesday 11 Oct to have filed a report with local police in the Dutch region of...

Service Providers
D Do S
Spam
News • October 14, 2011

Santander gets it mostly right

If one admonishes for poor practice, one should encourage better practice. On Friday we wrote about an email sent by the UK tax office the formatting of which was ill advised (see UK Tax Office Sends an Invitation to Phishers). The following Monday, Santander UK sends an email which gets...

Phishing
Deliverability
Blog • October 03, 2011

UK Tax Office Sends an Invitation to Phishers

Phishing. Broadly speaking, sending out emails which misdirect people to supply confidential information to miscreants. One such ruse in the UK has been to send out tax rebate emails purporting to come from the UK tax office, HMRC. So on Friday, in a stroke of genius, HMRC sent out the...

Phishing
Blog • September 30, 2011

Spamhaus Victory in Final Appeal in E360 Case

On the 2nd September 2011 Spamhaus was successful in its final appeal which reduced a baseless $11.7 million default judgment down to $3 (three dollars). Twice the US Court of Appeals for the Seventh Circuit vacated judgments against UK-based Spamhaus made by U.S. Federal Judge Charles Kocoras who had twice...

Spam
News • September 05, 2011

Wikileaks Mirror Malware Warning

On Monday Spamhaus became aware that the main Wikileaks website, wikileaks.org, was redirecting web traffic to a 3rd party mirror site, mirror.wikileaks.info. This new web site is hosted in a very dangerous "neighborhood", Webalta's 92.241.160.0/19 IP address space, a "blackhat" network which Spamhaus believes caters primarily to, or is under...

Malware
Threat Intelligence
Service Providers
News • December 14, 2010

Spamhaus forged (again) in malware phish attack

Spamhaus.org has been a frequent target of forged e-mails over the years and once again we're seeing a rise in those sorts of spam messages. This time email messages pretending to come from Spamhaus are a social engineering attempt ("phish") to lure victims into installing malware on their computers. Don't...

Threat Intelligence
Phishing
News • November 29, 2010

UK Threat from Cybercrime is Very Real

When it became clear that the UK's National Security Strategy (published today) would highlight "Cybersecurity" as one of the most serious threats to the United Kingdom's security, the media were most querulous. Even some of the more experienced journalists seemed to pour immediate scorn on the suggestion that computer-based crime...

Legislation
Data Exfiltration
Blog • October 18, 2010

Spamhaus Blocks Gmail? Report Was Not True.

"Spamhaus Blocks Gmail" - A catchy headline which certainly got the twitterati going. However, it wasn't true. Recently some IT websites, including Softpedia and Sucuri, erroneously issued reports of Spamhaus' SBL blocking Gmail. These reports are not true. Google's Gmail service has never been listed in, or affected by, any...

Email Security
IP Reputation
News • August 20, 2010

Canned Spammer: "The Godfather" Alan Ralsky locked up

Leaving a wake of over 12 years of criminal spamming and trillions of sent junk emails behind him, long time ROKSO-listed spammer Alan Ralsky is finally behind the walls of a US Federal Prison. After pleading guilty to multiple federal criminal charges, and after time extensions to "get his affairs...

Spam
News • March 04, 2010

State of Maine AG OKs Spam List

The idea of "opt in" is central to the legitimate, non-spam use of bulk e-mail. Without "opt in" policies, any and all e-mail addresses will be spammed relentlessly until they "opt out", and likely even after that. "Opt in" means that the recipient--the e-mail address owner--knowingly and intentionally subscribes to...

Legislation
Spam
Blog • February 03, 2010

DarkMarket "loner" soon to have many new friends

Unfortunatly for Renukanth Subramaniam, the "loner with a modest lifestyle" who helped run the secretive website where cybercriminals traded stolen credit card data, his friends will probably be fellow inmates in a Her Majesty's Prison Service institution. Subramaniam was remanded into custody in London...

Spam
News • January 15, 2010

Congratulations to CNNIC (China)

China Internet Network Information Center (CNNIC) - China's own domain regulator - last week criticised Xinnet.com and some other Chinese registrars for the excessive inaccuracy in registration information (called "Whois" data). From this week, buyers of ".cn" Country Code Top Level Domains (ccTLDs) are required to provide paperwork - such...

Service Providers
Domain Reputation
News • December 17, 2009

Comcast guarding users helps protect all of us

In October, Comcast Corporation, the USA's largest provider of high-speed Internet to private homes, announced the roll-out of its new Constant Guard security initiative. The system will provide in-browser notifications about possible virus infections. If the system detects a possible problem, a "service notice" will appear in the customer's web...

Service Providers
Malware
Compromised
News • December 07, 2009

Herbalking ringleader gets US$15 million fine

The Herbalking aftermath continues with a US federal judge ordering ringleader Lance Atkinson to pay the US Federal Trade Commission (FTC) a hefty US$15.5 million (£9.4 million). After already admitting his involvement to the New Zealand authorities last year now the FTC steps in with its findings...

Spam
News • November 30, 2009

Some Good News From Downunder

Two New Zealanders well known to Spamhaus have been fined for their roles in the biggest pharmaceutical spamming operation in the history of the internet, officials of the nation's Department of Internal Affairs (DIA) said on Monday. They were part of a business based in Christchurch that sent more than...

Spam
News • November 20, 2009

Impact on Cutwail of 3FN shutdown

There is nothing like a visual representation to show how botnet spam traffic dries up when a major eastern European run host (in this case, USA routed) of the botnet Command & Control systems (C&C) is shut down. Below is a report from the CBL botnet spam detection system on...

Malware
Botnet C C
Service Providers
Blog • June 16, 2009

PBL Update and Comparisons - April 2009

We'd like to show you what some typical broadband space looks like in terms of spam-sending bots and Policy Block List (PBL) listings. Let's sample a few chunks of IPv4 space, count the spam bots, and map them graphically to visualize what those ranges look like. These are just examples,...

DNSBL
IP Reputation
Malware
Blog • April 13, 2009

A Snowshoe Winter: Our Discontent with CAN-SPAM

Snowshoe spamming has been around for many years but during 2008 a few USA spammers honed the technique to a fine edge. It has grown rapidly for the past year and there is no indication that it will cease in the foreseeable future. As of February 2009, snowshoe spamming accounts...

Spam
Email Security
IP Reputation
News • February 25, 2009

Another one bytes the dust

Following the October 2008 shut down of the largest US based host of trojan malware, botnet command and control systems (C&Cs) and DNS changer hosts (pharming), Intercage/Atrivo, another US based network specializing in hosting similar cybercrime has been taken off the Internet. McColo is a bit different from Intercage/Atrivo in...

Service Providers
Botnet C C
DNSBL
News • November 17, 2008

Spam Kingpin's hench-woman pleads guilty

A person well known to Spamhaus, Judy Devenow, one of long time spamming kingpin and convicted felon Alan Ralsky's gang, plead guilty to conspiracy and aiding fraud in a US Federal court. She admitted she had sent millions of spam e-mails a day to generate excitement about junk stocks while...

Spam
News • October 15, 2008

HerbalKing principals indicted by FTC and New Zealand

The #1 worst spam gang on the Internet for much of 2007 and 2008, and active since at least 2005, has been indicted by the US Federal Trade Commission (FTC) in conjunction with simultaneous charges in New Zealand and possibly Australia & India. Several co-conspirators formed the HerbalKing spam gang....

Spam
Botnet C C
News • October 14, 2008

Virginia Court OKs Anonymous Spam

Or "Frea Speach," as spammers write with their notoriously bad spelling while yammering about their right to send spam. There is no right to send spam, of course, let alone anonymously. Almost a decade ago, in their decisions in AOL vs. Cyberpromo and Earthlink vs. Cyberpromo, U.S. courts of appeal...

Spam
News • September 16, 2008

Cybercrime's U.S. Home

When cybercrime is mentioned it never takes long for Russia and the Ukraine to enter the picture. However, while a lot of cybercriminals are based in those countries, a lot of their infrastructure is housed in the west, in the United States to be precise. Without exception, all of the...

Service Providers
Malware
News • August 29, 2008

Spam, Malware and FTP cracks

There is lots of spam going around with funny subjects like "Mike Tyson to Fight Michael Jackson" or "Afghanistan to be 51st US State", or other equally absurd lines designed to hook unwary recipients into clicking the URL in the spam. Unfortunately, the results of following that link are not...

Spam
Malware
Compromised
Blog • July 25, 2008

The Spammer Agora

There's been a lot of use of the term "ecosystem" in the e-mail industry lately. It's a good description of the complex environment that has grown up around Simple Mail Transport Protocol; it's no longer simple. But, like any ecosystem, it has many subsystems and niches within it. Among spammers...

Threat Intelligence
Service Providers
Botnet C C
Blog • March 16, 2008

Blackhats and Grayhats

From a discussion in a private anti-abuse industry workgroup list in November 2007 regarding the need for extensive restructuring of e-mail systems due to spam; reproduced with permission...

Service Providers
Deliverability
Spam
Blog • February 15, 2008

US Feds arrest and book ROKSO spammer Alan Ralsky

As reported by the Detroit Free Press on January 9, 2008, spammer Alan Ralsky of West Bloomfield, Michigan was brought into U.S. District Court in Detroit in handcuffs, escorted by FBI and US Postal Inspection Service agents who met him at the Detroit Metro Airport upon his return from Germany....

Spam
News • January 11, 2008

Spam King Alan Ralsky indicted

The US Department of Justice went public on January 3rd with the indictment of Alan Ralsky and 10 others who helped him. Ralsky topped our Top 10 Worst Spammers list for quite some time and was involved in almost any sort of spam activity that's being done. He and his...

Spam
News • January 03, 2008

The increasing importance of registrars in the fight against spam

Anyone remotely involved in the fight against spam has heard of the Storm worm. While Storm has used a variety of social engineering tricks to propagate, the e-card method has always been a popular one. What better a moment to send an e-card than in this holiday season? That's probably...

Service Providers
Domain Reputation
Malware
Blog • January 01, 2008

RBN as Chinese as Caviar & Borscht

When the routes to the older IP address mapped to the Russian Business network began to no longer route on the internet, Spamhaus noticed a new set of IP addresses and ASN numbers mapping into the same upstream network. The Whois data for these showed Chinese company names and .cn/.tw...

Service Providers
IP Reputation
Threat Intelligence
News • November 16, 2007

ROKSO Spammer Robert Soloway Arrested

On May 30, 2007, one of the most persistent professional spammers, Robert Alan Soloway, was indicted by a grand jury in Seattle, Washington, on charges that include fraud, money laundering, and identity theft. The indictment followed a years-long joint investigation by the Washington State Attorney General's Office, the Federal Bureau...

Spam
News • May 30, 2007

Summer Spam Suits Show Some Success

Microsoft Corporation has won what could be the largest award against a spammer in Europe thus far. Paul Fox, whose e-mail messages were intended to direct people toward his pornographic websites, was forced by a court order to pay Microsoft 45,000 pounds ($84,177) for breaching the terms and conditions of...

Legislation
Spam
News • September 08, 2006

Australian Spam Act Nails First Spammer

The Australian Communications Authority (ACA) has taken action against a spammer in the first case to be brought under Australia's Spam Act. Spammer Wayne Mansfield, listed in Spamhaus ROKSO database, is charged with sending at least 56 million commercial emails in twelve months after the Spam Act 2003 commenced in...

Spam
Legislation
News • June 23, 2005

The Threat from the Net

During two keynote speeches at the Infosecurity Europe conference at Olympia (London UK), Lord Harris of Haringey warned the UK government of the serious threat to Critical National Infrastructure posed by groups of E-vandals and criminal gangs, and the fact that the UK has neither systematic protection nor a response...

Legislation
Compromised
Blog • April 27, 2005

Increasing Spam Threat from Proxy Hijackers

Spam, now at 75% of all email traffic arriving at most ISPs mail servers, has come mainly from two types of source - either sent directly by the spammer, or sent by the spammer through a hijacked computer (proxy). For most anti-spam systems these two sources have been relatively easy...

Spam
Compromised
Abused
Blog • February 03, 2005

Jeremy Jaynes Gets 9 Years for Spamming

[Update: The 9 year sentence was overturned on appeal, the spammer did go to prison for other crimes] Jeremy Jaynes of Raleigh, North Carolina, a prolific spammer who operated using the alias 'Gaven Stubberfield' and was listed by Spamhaus' ROKSO database as being the 8th most prolific spammer in the...

Spam
News • November 04, 2004

Follow Australia!

United Nations - World Summit on the Information Society International Telecommunication Union (ITU) Geneva, Switzerland The message conveyed by the UN spam conference to the delegates from 60 countries was clear, spam in July was 76% of all email, is now costing national economies US$25 Billion a year, the problem...

Spam
Legislation
News • July 19, 2004

Spammer Arrests herald FTC Crackdown on Illegal Spamming

For many months the Spamhaus team have been working with teams from Law Enforcement Agencies in the United States and United Kingdom helping put together cases against the known spammers. We are very pleased to see arrests of spammers by the FTC now taking place, and look forward to the...

Spam
Legislation
News • April 29, 2004

United States set to Legalize Spamming on January 1, 2004

Against the advice of all anti-spam organizations, the U.S. House of Representatives has passed the CAN-SPAM Act, a bill backed overwhelmingly by spammers and dubbed the "YOU-CAN-SPAM" Act because it legalizes spamming instead of banning it. Spam King Alan Ralsky told reporters...

Legislation
Spam
Email Security
News • November 22, 2003

Spammers Release Virus to Attack Spamhaus.org

A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. The W32.Mimail.E virus is the latest in a string of viruses, each one released by spammers for the purpose of creating a vast worldwide...

Threat Intelligence
Malware
Spam
News • November 02, 2003

The Spam Definition and Legalization Game

The word Spam means "Unsolicited Bulk Email". Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. But ask a spammer and he'll claim...

Legislation
Spam
Blog • May 14, 2003

Spamming is now a Crime in Virginia

The State of Virginia on Tuesday 29th April 2003 enacted the toughest anti-spam legislation of any US State so far, imposing harsh felony penalties for sending spam to computer users through deceptive means. Spammers who send Unsolicited Bulk Email to or from Virginia with a bogus return address, or via...

Spam
Legislation
News • April 30, 2003

Europe Outlaws Spam

The European Parliament has decided to accept the Council's Common Position which would require senders of advertisements by "electronic mail" to have the recipient's prior consent. "Electronic mail" is defined broadly enough so as to include text messaging systems based on mobile telephony in addition to email. The 'opt-in' requirement...

Spam
Legislation
News • May 30, 2002