Category Archives: SpamRankings.net

Anti-Spam Blocklists DDoSed Down

At least three anti-spam blocklists were taken down this week by Distributed Denial of Service (DDoS) attacks: Spamhaus, CBL, and APEWS. The first two are back up; the third is not.

The Composite Blocking List (CBL) currently has this at the top of its home page:

Important Information on Spamhaus/CBL DDOS

Commencing March 19 the CBL was hit by a very large-scale distributed denial of service attack. At the time of writing (March 21, 00:15 UTC) this attack is still ongoing.

Throughout this period the CBL DNSBL has continued to remain available through the CBL mirrors and via Spamhaus XBL (and Zen), and we’ve been doing our utmost to restore the rest.

Access to the lookup/removal page has just been restored.

The CBL rsync facility has been restored.

Email to the CBL is not working yet.

We ask for your patience while we finish restoring the rest of the CBL to service.

SpamRankings.net is receiving CBL data normally again, although yesterday’s is lost.

We never saw any interruption in data from the Passive Spam Block List (PSBL).

Spamhaus says it got a 75Gbps DDoS attack, according to Liam Tung with CSO Online (Australia) today:


Current security models broken; need resilience; how about reputation?

Bruce Schneier asserted yesterday that Our Security Models Will Never Work — No Matter What We Do. After detailing why he thinks that (the bad guys can get new technology faster and have fewer restrictions on using it), he summarized:

As it gets easier for one member of a group to destroy the entire group, and the group size gets larger, the odds of someone in the group doing it approaches certainty. Our global interconnectedness means that our group size encompasses everyone on the planet, and since government hasn’t kept up, we have to worry about the weakest-controlled member of the weakest-controlled country. Is this a fundamental limitation of technological advancement, one that could end civilization? First our fears grip us so strongly that, thinking about the short term, we willingly embrace a police state in a desperate attempt to keep us safe; then, someone goes off and destroys us anyway?

If security won’t work in the end, what is the solution?


An Eerie Silence on Cybersecurity

Apparently it takes an alleged Chinese threat to get the New York Times to notice Internet security problems. The Times has escalated from a recent article to an editorial.

NYTimes Editorial 26 February 2013, An Eerie Silence on Cybersecurity, notes a few exceptions, and then remarks:

American companies have been disturbingly silent about cyberattacks on their computer systems — apparently in fear that this disclosure will unnerve customers and shareholders and invite lawsuits and unwanted scrutiny from the government.

In some cases, such silence might violate the legal obligations of publicly traded companies to share material information about their businesses. Most companies would tell investors if an important factory burned to the ground or thieves made off with hundreds of millions of dollars in cash.

Maybe it’s better to have a prescribed burn of released breach information than to have a factory fire of unprescribed released information.

Why don’t companies do this?


Companies fear reputation for bad security

As more companies come out of the closet about their Internet security being compromised, still more start to admit it. But many (perhaps most) don’t even know. Fortunately, there is a way the public can get a clue even about those companies.

Nicole Perlroth wrote for the NYTimes 20 February 2013 that corporations try to hide successful cracking of their Internet security:

Most treat online attacks as a dirty secret best kept from customers, shareholders and competitors, lest the disclosure sink their stock price and tarnish them as hapless.

However, as some companies come out of the closet about this (Twitter, Facebook, Apple, etc.) and such

revelations become more common, the threat of looking foolish fades and more companies are seizing the opportunity to take the leap in a crowd.

“There is a ‘hide in the noise’ effect right now,” said Alan Paller, director of research at the SANS Institute, a nonprofit security research and education organization. “This is a particularly good time to get out the fact that you got hacked, because if you are one of many, it discounts the starkness of the announcement.”

Now here’s the interesting part:


Primus dropped out of January 2013 Canada SpamRankings.net

The big winner was AS 7788 MAGMA-COMM, which dropped from #3 to #147 by decreasing from millions to fewer than a thousand spam messages in the January 2013 SpamRankings.net for Canada. Magma had a brief spate of Kelihos spam in the middle of the month, but it lasted less than a week. Almost as good was AS 6407 PRIMUS-AS6407, dropping from millions the previous month to a few hundred thousand, and from #6 to #11. That one, while beating its Kelihos problem, seems to have developed a Cutwail problem, which was sending increasingly more spam at the end of the month. Since Magma was bought by Primus in 2004, Primus gets double congratulations!

-jsq

Belgium: Easyhost still bad, Nucleus climbing, Stone dropped out in January 2013 SpamRankings.net

Easyhost's AS 49512 tripled its spam, sending 97% of the total top 10 spam in the January 2013 SpamRankings.net for Belgium. Easyhost did start dropping in the last week. Nucleus BVBA's AS 39318 came up from nowhere to #2 with more than a million spam messages, mostly in the last week. And Stone Internet Services' AS 39234 dropped like a rock, from 9,149 spam messages last month for #8, to only 2,944 this month and #20.

-jsq

DorukNet outspammed Turkey again in January 2013 SpamRankings.net

For two months in a row, DorukNet’s AS 8685 has spammed the most in the January 2013 SpamRankings.net for Turkey from CBL data. Before that, it was #6 in November 2012 and also #6 in April 2011.

2011 March-April, AS 8685 DORUKNET, Turkey, SpamRankings.net

In April 2011 the problem was apparently Lethic with a max of 87,852 on 1 April 2011. DorukNet seemed to have a bit of maazben, cutwail, etc. at that time, but very little compared to Lethic.

2012 November, AS 8685 DORUKNET, Turkey, SpamRankings.net

In November 2012 the problem was apparently Kelihos with a max of 299,873 on 7 November 2012.

This recent DorukNet peak that looks like Mt. Ararat was up to 13,569,282 on 18 January 2013, apparently from darkmailer2. DorukNet is actually improving since that peak, but meanwhile it managed to increase its December spam total of 54,803,032 to 324,544,788 in January 2013.


January 2013 SpamRankings.net

Most worsened: AS 10297 COLUMBUSNAP US, from #91 to #6 worldwide in January 2013. Most improved: AS 48347 MTW-AS RU, from #8 to less than 250. Surprise entrant: AS 8685 DORUKNET TR. Still #1 for fourth month: AS 16276 OVH FR.

-jsq

Darkmailer2 month in Canada December 2012 SpamRankings.net

It’s apparently Darkmailer2 month in Canada. One company got a grip on it, and two got much worse, in the December 2012 SpamRankings.net for Canada.

December 2012 Canada SpamRankings.net from CBL data

AS 7788 MAGMA-COMM, bought in 2004 by PRIMUS Telecommunications Group, peaked in the second week and then got a grip on its darkmailer2 spamming. AS 11342 PATHWAY really gave AS 32613 IWEB-AS a run for its money; both seem to have a darkmailer2 problem. Pathway went from 2,871 spam messages seen by CBL in November 2012 to 21,593,775 in December 2012: that’s 7,521 times as many. However, iWeb once again won the spam-spewing month in Canada!

Congratulations to the four dropouts, especially AS 16532 ASB2B2C, which

Dark times in Turkey in the December 2012 SpamRankings.net

#1 AS 8685 DORUKNET, #3 AS 42910 SADECEHOSTING-COM, and #5 AS 34984 TELLCOM-AS all ran up in the last two weeks, and all three show darkmailer2, in the December 2012 SpamRankings.net for Turkey.

December 2012 Turkey SpamRankings.net from CBL data

DORUKNET sent a third of all top 10 spam from Turkey to rank number 1, but SADECEHOSTING-COM wins most worsened, for jumping up 21 ranks from 24 to 3, by sending more than 300 times as much spam as the previous month. #8 AS 39582 GRID and #9 AS 43391 NETDIREKT-TR both jumped up 25 ranks, but each managed “only” less than 100 times as much spam as last month.

AS 44922 MEDYABIM-AS gets most improved for actually going to zero, even though it had already spammed enough to keep it at #4. #6 AS 34619 tried to go to zero, but got to spamming again. AS 8386 KOCNET looks like it’s finally getting a grip, improving from #2 to #7, sending about a third as many spam messages as the previous month.

Special congratulations to AS 44565 VITAL for a huge improvement! Congratulations to Niobe, Dogan, and Kibris for improving. And boo to TurkNet for actually spamming more even though it got pushed down out of the top 10.

-jsq