Spamhaus, a leader in providing spam blacklists for nearly 15 years, has released a new tool for ISPs and network providers. The Botnet C&C list contains IP addresses known to host command and control (C&C) servers. These C&C servers control the infected computers that make up botnets and spew out millions of spam messages a day. ISPs can import those addresses into their router configurations, which blocks those servers from contacting any zombies that may be on their network. This protects the end user, the network and the internet at large, since a botnet cannot pump out spam if it can’t direct its zombies to do so. Spamhaus explained further in a post on their website:
“When installed in a router’s DENY table, the Botnet C&C list prevents any communication between that router and the IPs on the list. If installed on all routers for a network, this in turn blocks communication between botnet controllers and any bots on that network. The botnet owners are unable to contact any bots on the network, and therefore cannot receive stolen information or give those bots instructions. In other words, the Botnet C&C list prevents loss of sensitive information that can be used in identity theft, and use of the bots on that network to spam or commit crimes.”
Spamhaus also released an extended DROP list (EDROP). DROP (Don’t Route or Peer) lists provide network providers with lists of all known stolen or otherwise compromised netblocks being used by spam gangs and other cybercriminals. The EDROP list provides additional information: the IPs of all suballocated netblocks being controlled by cybercriminals and professional spam gangs. The regular DROP list only provides info on netblocks directly allocated by an established Regional Internet Registry or National Internet Registry. This information can help ISPs and network providers more effectively protect against malicious traffic.
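
The import step described above, turning a published list into deny entries, is sketched here as an added example; it is not code from Spamhaus or from the original article. It assumes an IPv4 text feed with one `CIDR ; reference` entry per line and `;` starting a comment; the sample entries, the `SBL000001`-style references and the `PROTECTED` prefixes are constructed placeholders. Entries are validated before anything reaches a routing table, so a malformed or overly broad line in a third-party feed cannot blackhole the operator's own address space.

```python
import ipaddress

# Constructed sample in the assumed "CIDR ; reference" layout (not real list data).
SAMPLE_FEED = """\
; constructed sample feed
192.0.2.0/24 ; SBL000001
192.0.2.128/25 ; SBL000002
198.51.100.0/25 ; SBL000003
198.51.100.128/25 ; SBL000004
10.0.0.0/8 ; SBL000005
0.0.0.0/0 ; SBL000006
203.0.113.7/24 ; SBL000007
not-an-ip ; SBL000008
"""

# Hypothetical prefixes the operator must never blackhole (internal and own space).
PROTECTED = [ipaddress.IPv4Network(p)
             for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_feed(text, protected=PROTECTED, min_prefix=8):
    """Return (collapsed networks to block, rejected entries with reasons)."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split(";", 1)[0].strip()   # drop comment / reference
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry)  # strict: host bits must be zero
        except ValueError:
            rejected.append((lineno, entry, "malformed"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, entry, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((lineno, entry, "overlaps protected"))
        else:
            accepted.append(net)
    # Merge duplicates, nested and adjacent prefixes to keep the table small.
    return list(ipaddress.collapse_addresses(accepted)), rejected


def blackhole_commands(networks):
    """Render Linux iproute2 blackhole routes, one per network."""
    return [f"ip route add blackhole {net}" for net in networks]


if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_FEED)
    print("\n".join(blackhole_commands(nets)))
    for lineno, entry, reason in bad:
        print(f"# skipped line {lineno}: {entry!r} ({reason})")
```

Rejected lines are worth logging and alerting on: a sudden rise in them usually means the feed format changed or the download was truncated, and the previous known-good table should stay in place until that is resolved.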