The international anti-spam organization Spamhaus Project announced that it will soon publish two new data feeds meant to better protect computer users from spam as well as botnets and other malware.
In a recent blog post, the organization said the two data sets will make Spamhaus’ Domain Block List (DBL) database more effective and allow it to detect malware with a near-zero false positive rate. The DBL is a constantly updated database of spammy domains. The DBL data feed can be incorporated into mail server software that scans messages for blacklisted domains.
The organization said it will begin pushing the new DBL return codes to its DNSBL (Domain Name System blackhole list) mirrors and data feeds on July 1st.
“Spamhaus engineers have been busy developing new data for the Spamhaus Domain Block List (DBL) during the past several months,” the Spamhaus blog said. “Our efforts have produced several specialized subsets of the DBL data set which will provide Spamhaus DBL users with better protection against spam as well as against other cyber threats (bots and malware) which are targeting ordinary internet users every day. This new data makes DBL more effective and versatile yet maintains DBL’s goal for near zero false positives and widespread usability in production environments.”
Spamhaus was founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford for an Internet service provider, or other firm, which spams or knowingly provides service to spammers.
The first data set will address domains related to malware. The data will be similar to the malware IP addresses already found in the Spamhaus Botnet Controller List (BCL). However, the new data set will focus on domain names.
Domains in the new list are “involved in spreading malware (“droppers”) or controlling botnets (“command and control” a/k/a C&C, C2).”
Spamhaus said users contacting these domains may either get infected or may already be infected with malicious software. The organization hopes that by deploying this subset of the DBL it may be possible to prevent users from becoming infected “or to find users that are already infected.”
The second data set concerns domains hosting websites that have been compromised or abused by spammers. Once a web server or content management system (CMS) is compromised, spammers typically place a file on that website to redirect visitors’ browsers to the spammer’s website. The URLs of those redirection files are then sent out in spam messages.
Administrators can take advantage of this new DBL data by carefully using the return codes for each distinct data set.
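One way to act on each return code separately, as an added example that is not Spamhaus code. The code values are the ones in Spamhaus' published DBL documentation rather than on this page, the reject/flag/alert policy is an assumption of the example, and the answers are constructed (no DNS lookup is made):

```python
import ipaddress

DBL_ZONE = "dbl.spamhaus.org"

# Last octet of a 127.0.1.x answer -> data set (per Spamhaus' DBL documentation).
CODES = {
    2: "spam", 4: "phish", 5: "malware", 6: "botnet-cc",
    102: "abused-spam", 103: "abused-redirector", 104: "abused-phish",
    105: "abused-malware", 106: "abused-botnet-cc",
}

def dbl_query_name(domain):
    """Build the name to look up. The DBL lists domains, never IP addresses."""
    domain = domain.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(domain)
    except ValueError:
        return f"{domain}.{DBL_ZONE}"
    raise ValueError("DBL does not accept IP address queries")

def classify(answers):
    """Map the A records of one DBL lookup to (action, labels, alert).

    Assumed policy: reject on outright-bad domains, only flag abused
    legitimate sites, raise an alert on malware/C&C hits so infected
    clients can be found, and never block on an error answer.
    """
    labels = set()
    for a in answers:
        o = ipaddress.ip_address(a).packed
        label = CODES.get(o[3]) if o[:3] == b"\x7f\x00\x01" else None
        if label is None:
            # 127.0.1.255, 127.255.255.x, an unknown code or a non-DBL
            # address: a query problem, not a listing. Fail open.
            return ("error", [], False)
        labels.add(label)
    if not labels:
        return ("pass", [], False)  # NXDOMAIN: domain is not listed
    alert = any(l.endswith(("malware", "botnet-cc")) for l in labels)
    abused_only = all(l.startswith("abused-") for l in labels)
    return ("flag" if abused_only else "reject", sorted(labels), alert)

if __name__ == "__main__":
    # Constructed sample answers, one list per lookup.
    for sample in ([], ["127.0.1.6"], ["127.0.1.103"], ["127.255.255.254"]):
        print(sample, "->", classify(sample))
```

Treating any `127.x` answer as "listed" would reject mail on resolver errors and on compromised but otherwise legitimate sites, which is what the per-code handling avoids.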