Spamhaus November malware report

[Infrasonic]

https://info.spamhaus.com/monthly-malwa ... 8164692992

This month saw an increase in active malware distribution sites across Central Europe. New October entrant ShadowPad dominated the ThreatFox Top 15s with a +459.82% increase. Meanwhile, YARAify scanned over 8 million distinct files! Read the full report here.

Cont.

[Infrasonic]

https://blog.cloudflare.com/radar-2023-year-in-review

[Infrasonic]

https://www.eff.org/deeplinks/2023/12/2023-year-review

[didds]

Spoanhaus has possibly also upped, and continues to up, their thresholds for blocking. No names, no pack drill but I am aware of a NATTED Ip (ie globally visible) that has been used for years with no problems, supporting a mature service with no configuration changes in all that time, which has three times in the past month been blocked by Spamhaus. Each time it is because the mature configuration has been deemed incorrect for a very minor issue - issues that as per the above have been existing (inherited legacy systems etc) and working for years.

Aside from the hassle that such blocking brings, Spamhaus seems intent on enforcing every minor requirement one by one globally. Meanwhile multiple other blacklisting agencies continued to mark that IP as "good".

[Infrasonic]

)... that has been used for years with no problems, supporting a mature service with no configuration changes in all that time, which has three times in the past month been blocked by Spamhaus. Each time it is because the mature configuration has been deemed incorrect for a very minor issue - issues that as per the above have been existing (inherited legacy systems etc) and working for years.

Aside from the hassle that such blocking brings, Spamhaus seems intent on enforcing every minor requirement one by one globally. Meanwhile multiple other blacklisting agencies continued to mark that IP as "good".

Malware has been increasing exponentially in its sophistication, there are more and more active zero day threats going live, not less.
What was deemed 'acceptable' even two years ago won't hack it today from a networking standpoint - as I posted in the IONOS thread WRT minimum email authentication thresholds tightening.

The biggest volume DDoS attack ever seen by Cloudflare (the biggest CDN) was generated by a less than 20K machine botnet in 2023. The protagonists managed to get the latency down to some impressively small number which enabled a highly efficient attack.

https://www.youtube.com/@_JohnHammond/videos
https://www.youtube.com/@Huntress/videos

[didds]

thats all fair and reasonable of course - but it doesn't explain why Spamhaus appears to be the only blacklister that seems bovvered...

[Infrasonic]

Whenever I've had Spamhaus IP address listings with my domain/email host they've been sorted out pretty quickly as they will effect deliverability.

If Spamhaus lacked credibility then the services that use their lists to shape their IP address filtering would ignore them - as they do with some of the more tin pot sole trader type lists with 'paid removal' services - where being persistently on their lists seems to make zero difference and written correspondence with my host has confirmed they don't bother delisting with them any more as they consider them inconsequential parasites (I'm paraphrasing...).