Tag: botnet

Botnet activity warning

A bit of advice from the folks at the CBL, posted with permission and some light editing. I’ve been seeing some folks report longer connection times at some places, and this might explain some of it. It’s certainly possible, even likely, that the large ISPs are getting a lot of this kind of traffic. A botnet, likely a variant of Cutwail, has for the past several years been...

Malicious email terms defined.

Legitimate mailers need to distinguish themselves from spammers. One important piece of that is knowing what spammers do. SendGrid has put together some information on common scams and techniques spammers use to get email delivered. Some of these terms, like doxxing and swatting, are not specifically email related. However, they are used against people who are fighting abuse on the Internet...

Botnet herder / spam kingpin arrested

Via Krebs on Security, a Russian named Pyotr Levashov has been arrested in Spain. According to news reports (NY Times, Reuters) the arrest happened in response to a warrant issued by the US, but no details were given as to what he was being charged with. The DoJ says the case is currently under seal and will not comment on charges. There is widespread agreement that this person is involved in...

March 2017: The Month in Email

It’s that time again… here’s a look at our last month of blog posts. We find it useful to recap each month, both to track trends and issues in email delivery and to provide a handy summary for those who aren’t following along breathlessly every single day. Let us know if you find it useful too! As always, I wrote about email filters. It’s so important to recognize that filters aren’t arbitrary...

What about the botnets?!

Botnets are a huge problem for a number of reasons. Not only are they used to send spam, they’re also used in criminal activities. One of the major challenges in dealing with botnets is finding and stopping the people who create and use them. Why? Because the internet is global and crime tends to be prosecuted within local jurisdictions. Catching someone running a botnet, or involved in...

Following the SMTP rules

An old blog post from 2013, that’s still relevant today. “Blocked for Bot-like Behavior” An ESP asked about this error message from Hotmail and what to do about it. “Bot-like” behaviour usually means the sending server is doing something that bots also do. It’s not always that they’re spamming, often it’s a technical issue. But the technical problems make the sending server look like a bot...

Port25 blocking

A number of hosting providers are blocking outgoing port25. This has implications for a lot of smaller senders who either want to run their own mail server or who use SMTP to send mail to their ESP. What is port25? Port25 is the designated email sending channel. Much like websites are on port80 (or 8080) and DNS is on port53, email is sent over port25. Mostly. Why block Port25? Port25 blocking is a...

CASL botnet take down

The CRTC served its first ever warrant as part of an international botnet takedown. The warrant was to take down a C&C (command and control) server for Win32/Dorkbot. International efforts to take down C&C servers take a lot of effort and work and coordination. I’ve only ever heard stories from folks involved but the scale and work that goes into these take downs is amazing. Bots...

What happened with the CBL false listings?

The CBL issued a statement and explanation for the false positives. Copying it here because there doesn’t seem to be a way to link directly to the statement on the CBL front page. November 24, 2015 Widespread false positives Earlier today, a very large scale Kelihos botnet event occurred – by large scale, many email installations will be seeing in excess of 20% kelihos spam, and some...

Increase in CBL listings

Update: As of Nov 24, 2015 11:18 Pacific, Spamhaus has rebuilt the zone and removed the broken entries. Expect the new data to propagate in 10 – 15 minutes. Delivery should be back to normal. The CBL issued a statement, which I reposted for readers that find this post in the future. I think it’s important to remember there is a lot of malicious traffic out there and that malicious...
