Spamhaus' XBL grew from 10M to 15M listings in a few weeks

Oct 26, 2018 19:11 GMT  ·  By

A spambot pushing Chinese porn websites and a rise in the number of devices infected with the Avalanche/Gamarue botnet are behind the roughly 50% growth of the Spamhaus Exploits Block List (XBL) over the past few weeks.

Spamhaus' XBL is a near-real-time, DNS-queryable database of IP addresses belonging to devices that have been hijacked by third-party malware. The listings range from run-of-the-mill spam bots and illegal (open) proxies to self-propagating worms with built-in spam engines and Trojan horses capable of exfiltrating large amounts of data. A listing says nothing about the device's owner; it records that the address was observed emitting traffic characteristic of an infection.
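Because XBL is served as a DNS-based blocklist, a mail server or a responder checks an address by reversing it and querying it as a hostname under the Spamhaus zone. The following is an added example, not code from the article or from Spamhaus: it builds the query name for both IPv4 and IPv6 addresses (the IPv6 nibble-reversal form is a generalisation beyond what the article discusses), maps the returned A records to the list that matched, and separates real listings from the error codes Spamhaus returns for rejected queries. The return-code and error-code tables are my reading of Spamhaus' public ZEN documentation and should be verified against the current version before relying on them.

```python
"""Check an IP address against Spamhaus ZEN (which includes XBL) via DNS.

Added example; not from the article or Spamhaus. Return-code tables are
assumed from Spamhaus' published ZEN documentation.
"""
import ipaddress
import socket

# Spamhaus recommends the combined ZEN zone, which folds in SBL, XBL and PBL.
ZEN_ZONE = "zen.spamhaus.org"

# Assumed ZEN listing codes: the A record returned for a listed address
# encodes which component list matched. 127.0.0.4-7 are the XBL range.
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL",
    "127.0.0.11": "PBL",
}

# Assumed ZEN error codes: returned instead of a listing when the query
# itself is rejected (e.g. sent through a public resolver or over the
# free-use limit). These must never be treated as "listed".
ZEN_ERRORS = {
    "127.255.255.252": "typing error in query",
    "127.255.255.254": "query via public/open resolver not permitted",
    "127.255.255.255": "excessive number of queries",
}


def dnsbl_query_name(ip: str, zone: str = ZEN_ZONE) -> str:
    """Build the DNSBL hostname for an IPv4 or IPv6 address.

    IPv4: octets reversed (1.2.3.4 -> 4.3.2.1.zone).
    IPv6: all 32 hex nibbles of the expanded address, reversed, one per label.
    """
    addr = ipaddress.ip_address(ip)  # raises ValueError on junk input
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        nibbles = addr.exploded.replace(":", "")
        labels = list(nibbles[::-1])
    return ".".join(labels) + "." + zone


def classify_zen_codes(codes):
    """Split returned A records into (matched lists, error messages).

    Unknown 127.0.0.x codes are reported as 'unknown' rather than ignored,
    so a new Spamhaus return code does not silently pass as "not listed".
    """
    lists = set()
    errors = []
    for code in codes:
        if code in ZEN_ERRORS:
            errors.append(ZEN_ERRORS[code])
        elif code in ZEN_CODES:
            lists.add(ZEN_CODES[code])
        elif code.startswith("127.0.0."):
            lists.add("unknown")
    return sorted(lists), errors


def lookup(ip: str, zone: str = ZEN_ZONE) -> dict:
    """Query the DNSBL for one address. Requires network access and a
    resolver Spamhaus accepts; NXDOMAIN means the address is not listed."""
    name = dnsbl_query_name(ip, zone)
    try:
        _, _, addrs = socket.gethostbyname_ex(name)
    except socket.gaierror:
        return {"ip": ip, "query": name, "listed": False, "lists": [], "errors": []}
    lists, errors = classify_zen_codes(addrs)
    return {"ip": ip, "query": name, "listed": bool(lists),
            "lists": lists, "errors": errors}


if __name__ == "__main__":
    # Spamhaus documents 127.0.0.2 as a permanently listed test address.
    print(dnsbl_query_name("192.0.2.10"))
    print(lookup("127.0.0.2"))
```

The `errors` field matters operationally: a responder that treats any non-NXDOMAIN answer as "listed" will start rejecting all mail the moment its queries are throttled or routed through an open resolver, which is the classic self-inflicted DNSBL outage.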

"Approximately 25% of this increase is due to a new spambot sending out vast quantities of spam for Chinese porn web sites. We believe that this may be due to proxy software, popular in China, having a security issue," as Spamhaus reports.

"Meanwhile the other 25% increase is from the rising number of IP addresses that are being reported as infected with the Avalanche/Gamarue botnet."

5 million bots have suddenly flooded Spamhaus' XBL IP blacklist, half of them spambots and Avalanche infections

Although the Avalanche infrastructure (which Gamarue, also known as Andromeda, used to distribute itself) was taken down in late 2016 after a four-year operation involving a long list of law enforcement agencies and private security companies, the already-infected machines are still alive and kicking, compromising other devices and spreading the infection.

According to the US-CERT, "It’s estimated that Avalanche was responsible for as many as 500,000 malware-infected computers worldwide on a daily basis and dollar losses at least in the hundreds of millions as a result of that malware."

Moreover, even though nobody is currently at the controls of Avalanche, the infected hosts keep beaconing out, so the risk that another criminal operator or APT group reclaims what was a powerful crimeware-as-a-service platform remains very high.

The only open question is who or what controls the other compromised machines that suddenly appeared on Spamhaus' Exploits Block List.

Unfortunately, as Spamhaus concluded in its analysis, the remaining 2,500,000 bots that abruptly entered the XBL are a mystery yet to be solved.