Home Archives Profile Subscribe
Turn Your Android Device into a Swiss Army Knife for Security
Eliminate Firewalls?

Spamhaus puts foot down HARD on Chinanet-GD

Tuesday, 22 October 2013
Cnet1

Anti-spam and block listing not-for-profit Spamhaus has added an entire /12 block of IP addresses allocated to Chinanet Guongdong Province Network (Chinanet-GD) for "Spammer, malware and botnet hosting for months. Ignoring multiple notifications sent by Spamhaus and 3rd parties". 

Drill down at the Spamhaus Advisory and you'll find 92 SBL Listings dating back to March 2010.

The rap sheet suggests this allocation is a proverbial wretched hive of scum and villainy: I counted 17 different abuses with multiple offenses for each abuse: 

ApnicComment/Forum Spam
  • Spammer hosting
  • Malware DNS server
  • Spam source
  • Snowshoe spam range
  • Botnet spammer hosting
  • Malware botnet controller
  • Phish source
  • Open relay emitting spam
  • Spammer + botnet hosting
  • Malware distribution
  • Yoyo DDoS botnet controller
  • Known repeat domain fraud spammers
  • Trojan dropper
  • Hacked server spamming
  • Worm.Dorkbot botnet controller
  • Phish redirector

This will be an interesting cleanup for Chinanet-GD. Spamhaus requires that all unresolved SBL records on behalf of CHINANET-GD must be resolved before the escalation will be removed.

Oh, and if you find evidence of spam arriving from this block in the future contact the abuse email abuse_gdnoc@189.cn

And Spamhaus.

Posted at 08:50 AM | | Comments (1)

Spotlight Posts

  • In new study Interisle Reveals Excessive Withholding of Internet WHOIS Data
    My Interisle colleagues, together with Greg Aaron, have completed an in-depth analysis of the effects of ICANN policy for WHOIS, a public lookup service that has until recently made it possible to identify who registered and controls a domain name. The European Union’s General Data Protection Regulation (GDPR), adopted in May 2018, restricted the publication of personally identifiable data in WHOIS. In response, the Internet Corporation for Assigned Names and Numbers (ICANN) established a new policy, allowing registrars and registry operators to redact (withhold) personally identifiable data from publication in WHOIS. The implementation of this policy has been widely criticized,...
  • New study: Phishing Landscape 2020
    My colleagues Greg Aaron, Dr. Colin Strutt, Lyman Chapin and I have published a new research report, Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing. The report can be found at http://www.interisle.net/PhishingLandscape2020.html Our goal in this study was to capture and analyze a large set of information about phishing attacks, to better understand how much phishing is taking place and where it is taking place, and to see if the data suggests better ways to fight phishing. We studied where phishers are getting the resources they need to perpetrate their crimes — where they obtain domain...
  • Widespread Issues with Domain Registration Accountability Have a COVID Nexus
    My Interisle partners and colleague Greg Aaron have published a detailed study that measures the effectiveness and impact of ICANN's registration data access policies and procedures. This study reveals widespread problems with access to and the reliability of domain name registration data systems (WHOIS). These failures have real-life security implications, which are being seen in the current wave of cybercrime accompanying the COVID-19 pandemic. In our Press Release I make the comment that, “The COVID-19 pandemic has led to a recent explosion of cybercrime, with thousands of new domain names using terms like ‘covid’ or ‘corona’ being used to perpetrate...
  • Report: Criminal Abuse of Domain Names, Bulk Registration and Contact Information Access
    My Interisle Consulting Group colleague, Dr. Colin Strutt and I have published a report, Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access http://interisle.net/criminaldomainabuse.html In this report, we study "bulk registration misuse" by criminal actors. Bulk registrations refers to the practice of rapidly acquiring domain names, using these in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cyber criminals. We use reputation block list (RBL) data to reveal how the use of bulk registrations, coupled with the crippling of registration data access by the ICANN Temp Spec...
  • Facts & Figures: Whois Policy Changes Impair Blocklisting Defenses
    Two independently conducted studies demonstrate that the onset of masking Whois contact data has had the direct, corresponding, and ongoing effect of reducing the number of blocklisted domains, dramatically undermining the efficiency of this and other security countermeasures.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

...and the listing has been removed. That was quick!

Posted by: Brian Clark | Thursday, 24 October 2013 at 10:35 AM

The comments to this entry are closed.