ZeuS- and SpyEye Tracker goes Spamhaus

Today The Spamhaus Project, a well-known non-profit organisation fighting cybercrime on the internet, released a new list called “Spamhaus Botnet C&C List” (BGPCC), which is implemented at the router level using the Border Gateway Protocol (BGP). I’m proud to announce that the newly launched list also contains data provided by ZeuS Tracker and SpyEye Tracker.

The list is described on the Spamhaus website as follows:

The Spamhaus Botnet Command and Control (C&C) list is an advisory “drop all traffic” list consisting of single IPv4 addresses. The feed does not contain any subnets or CIDR prefixes longer than /32. The servers on these IP addresses host botnet C&C nodes. Botnet C&C nodes are servers that control the individual malware-infected computers (bots) that together form a botnet. Bots regularly contact botnet C&C nodes so that the malware on the bots can transfer stolen data to the C&C node for delivery to the botnet’s owner, and to obtain instructions for what they are to do next. Once a botnet contacts a C&C node, it receives instructions to send spam, host spammed web sites, attack other hosts on the internet, and provide name service (DNS) for the domains used in those attacks.

Reference: http://www.spamhaus.org/bgpf/

As soon as ZeuS- or SpyEye Tracker identifies a new botnet C&C, the information will be sent to Spamhaus automatically, which will result in a listing on the Spamhaus Botnet C&C list within a few minutes. In practice, this means that networks using this list are protected automatically and without any delay from malicious botnet traffic from/to botnet controllers listed on ZeuS- or SpyEye Tracker.

By providing Tracker data to Spamhaus, abuse.ch continues its fight against cybercrime and bad actors on the internet.

If you are an ISP or network provider, you might want to have a look at the Spamhaus BGP feed.
