🔥 Pikabot and IcedID exited the Top 20 this reporting period (thanks to “Operation Endgame”), making way for two Android backdoor malware in at #7 and #19…

…find out which ones here 👇
 https://info.spamhaus.com/botnet-threat-updates

#Malware #BotnetCC #ThreatIntel

https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/796/420/140/895/225/original/87d2009dbbadb903.jpeg 

 Malicious domains with TLD .cn hold the #1 rank dominating our listed data at 92,885 domains 🤯 - this outnumbers the combined total of the other Top5 ccTLDs! 

Learn more in the latest Domain Reputation Update here 👇
https://www.spamhaus.org/resource-hub/domain-reputation/domain-reputation-update-oct-2023-mar-2024/

#ccTLD #DomainReputation #ThreatIntel

https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/326/631/357/941/658/original/661d4ddbf7e074ed.jpg 

 👀 Spot the impersonator...

When your company uses services like Cloudflare and anonymous WHOIS, how can someone differentiate between your carefully nurtured site and a "rip-off"? 

The answer? It's damn near impossible!

So what is your guess, is the real site no. 1 or no. 2?

https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/252/495/170/337/213/original/9f2e55b832047679.png 

 FINALLY, truth in advertising #SpotThePhish 🐟

https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/093/568/754/768/236/original/7b9d684ba318660b.png 

 Spamhaus researchers are observing an uptick in phishing 🎣 using the InterPlanetary File System (IPFS). 

Below is a recent example 👇 
https://urlscan.io/result/0b765eda-0095-4d1c-ba4a-e4a5ea52a6f3/

This system typically used to host simple files, can be accessed with specialized clients or via gateways.

What's most concerning is that...

❗ there are HTTP gateways you can use with your browser that look like normal URLs.
❗ there is no active side on the "server", so you get plain HTML with JavaScript.
❗ there is no server side scripting (like PHP) on IPFS to receive data.

....making it easier for adversaries to post data from the phishing site to another site on the normal web.

And, this issue is not limited to phishing but also happens for other kinds of abuse, such as malware and spam. Therefore:

➡ Gateway providers need to use and maintain a block list and share blocked IDs with each other.
➡ Hosters that host the data receiving scripts can't see the phishing site, and need to be aware that this problem exists.

#IPFS #Phishing #Malware 

 ❗REMINDER | Abuse desks, Trust & Safety Teams and Senders!

Later this month Spamhaus Blocklist (SBL) listings will be moving from www.spamhaus.org to the Spamhaus IP and Domain Reputation Checker: 

check.spamhaus.org

Make you know how listing notifications will change and where to view SBL listings - learn more here 👇 
https://www.spamhaus.org/news/article/825/spamhaus-blocklist-sbl-listings-are-moving 

#Blocklists #SBL #EmailNotifications

https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/856/731/088/771/294/original/72c5eb356f5b555e.png 

 🦆🤖 Qakbot makes a return....a not-so-welcome Christmas present!

Spamhaus researchers are observing low-volume Qakbot campaigns targeting specific business sectors. But, we do have some positive news....

Many of the observed botnet controllers are now offline, and the remaining ones are already known as rogue ISPs, and listed on the Spamhaus Extended DROP List 👉 https://www.spamhaus.org/drop/

👀 Watch this space; if anything changes, we'll keep you updated!

#Qakbot #ThreatIntel #TheDuckHuntIsBackOn

https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/606/806/252/771/987/original/58bc1307b72689aa.png