Spamhaus Releases Botnet C&C List

Written by Sue Walsh on June 22, 2012

Credit: Spamhaus.org

Spamhaus, a leader in providing spam blacklists for nearly 15 years, has released a new tool for ISPs and network providers. The Botnet C&C list contains IP addresses known to host command and control servers. These C&C servers control the infected computers that make up botnets and spew out millions of spam messages a day. ISPs can import those addresses into their router configurations, which blocks those servers from contacting any zombies that may be on their network. This protects the end user, the network and the internet at large, since the botnet will not be able to pump out spam if it can’t direct its zombies to do so. Spamhaus explained further in a post on their website:

“When installed in a router’s DENY table, the Botnet C&C list prevents any communication between that router and the IPs on the list. If installed on all routers for a network, this in turn blocks communication between botnet controllers and any bots on that network. The botnet owners are unable to contact any bots on the network, and therefore cannot receive stolen information or give those bots instructions. In other words, the Botnet C&C list prevents loss of sensitive information that can be used in identity theft, and use of the bots on that network to spam or commit crimes.”

Spamhaus also released an extended DROP list. DROP (Don’t Route or Peer) lists provide network providers with lists of all known stolen or otherwise compromised netblocks being used by spam gangs and other cybercriminals. The regular DROP list only provides info on netblocks directly allocated by an established Regional Internet Registry or National Internet Registry. The EDROP list provides additional information: the IPs of all suballocated netblocks being controlled by cybercriminals and professional spam gangs. This information can help ISPs and network providers more effectively protect against malicious traffic.
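As an added illustration (not code from Spamhaus or from this article), the Python sketch below turns a downloaded blocklist into router deny entries while refusing to block any range the operator has marked as protected. The `CIDR ; reference` line layout, the sample entries (documentation prefixes only), the function names and the Cisco IOS-style null-route output are all assumptions made for the example.

```python
import ipaddress

# Constructed sample; the "CIDR ; reference" layout is an assumption and
# every prefix is a documentation range, not a real listing.
SAMPLE_LIST = """\
; constructed sample, not real listings
192.0.2.0/25 ; SBL000001
192.0.2.128/25 ; SBL000002
198.51.100.0/24 ; SBL000003
203.0.113.7/32 ; SBL000004
not-a-prefix ; SBL000005
"""


def parse_blocklist(text):
    """Return (IPv4 networks, lines that could not be parsed)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # drop comment / reference part
        if not entry:
            continue  # blank line or pure comment
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append(raw)  # never guess at a malformed entry
            continue
        if net.version == 4:
            nets.append(net)
    return nets, rejected


def build_deny_routes(text, protected_prefixes):
    """Build null routes, skipping entries that overlap protected ranges."""
    nets, rejected = parse_blocklist(text)
    protected = [ipaddress.ip_network(p) for p in protected_prefixes]
    safe, skipped = [], []
    for net in nets:
        # Guard against over-blocking: hold back anything touching our own
        # or otherwise must-reach address space for manual review.
        (skipped if any(net.overlaps(p) for p in protected) else safe).append(net)
    # Merge adjacent/duplicate prefixes to keep the router table small.
    merged = list(ipaddress.collapse_addresses(safe))
    routes = [f"ip route {n.network_address} {n.netmask} Null0" for n in merged]
    return routes, skipped, rejected


if __name__ == "__main__":
    routes, skipped, rejected = build_deny_routes(SAMPLE_LIST, ["198.51.100.128/25"])
    print("\n".join(routes))
    print("held for review:", skipped, "| unparsable:", rejected)
```

Entries returned in `skipped` and `rejected` are meant for human review before the next import rather than silent discard.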

Comments

Alan Ellison June 22, 2012

This seems like an amazing breakthrough in the fight against botnets. But then, I imagine that it could be worked around simply enough by reassigning an IP address, and if too wide of a block is put down by ISPs, then you start seeing parts of the internet no longer able to communicate with other parts, and that just seems like the first or second dangerous domino to fall. Still, it’s an incredible resource and I hope to see it used cleverly.


Eli Payne June 28, 2012

It’s interesting to note how many IPs are in those lists, not just for blocking them, but also to monitor their activities and get a better feel of how they operate. Then, when this list gets propagated and used by more network administrators, it would be interesting to see the response from the spammers’ side to the drop in activity. Any law enforcement person should know that behavioural analysis of criminals, even for white collar crimes, pays. Knowing how a person or entity operates is a step closer towards nabbing them, and prosecuting them.

But, then again, I never really believed that the law enforcement agencies going against spammers have enough focus and sophistication in their intelligence and prosecution. And the recent round of prosecutions has not changed my mind yet.
