Ultimately, computers communicate IP to IP. This fact allows Spamhaus security researchers to trace communications between C&C server IP addresses and botnet nodes. Using passive DNS data, they can observe links between botnets and malware dropper domains, even where fast-flux is being employed to obscure individual IP addresses.
Spamhaus Technology offers Spamhaus’ near real-time threat intelligence in the form of response policy zones (RPZ); Border Gateway Protocol feeds (BGPf); Composite Block Lists (CBL); Exploits Block Lists (XBL); and passive DNS feeds used by security researchers.
Spamhaus Technology RPZs prevent DNS resolution to malware download sites, mitigate phishing risks, disrupt connections between infected devices and C&C servers, and prevent data egress.
Using Spamhaus Technology BGPf, network managers can quickly and simply block communication with IPs involved in the most dangerous cybercrime and stop DDoS attacks in progress.
Spamhaus Technology CBL identifies single IP addresses that are part of botnet infrastructure, exhibit characteristics of open proxies, or are infected with botnet malware.
Spamhaus Technology XBL provides network managers and security managers with real-time data on devices on their networks that have been compromised and used for illegal third-party exploits, enabling malware removal and remediation. XBL draws on Spamhaus’ real-time intelligence on spam sources and is the primary distribution zone for CBL data.
Spamhaus passive DNS is a resource for security researchers, enabling them to query the Spamhaus research data to identify new malware download sites, botnet C&Cs and DDoS sources, and to investigate and combat zero-day threats, spamming and phishing campaigns.
Our constantly updated global data provide a rich source of threat intelligence on the malicious domains and IP addresses that are the engines of global spam and cybercrime, giving your networks another layer of defence.