Anti-spam and block-listing not-for-profit Spamhaus has listed an entire /12 block of IP addresses allocated to Chinanet Guangdong Province Network (Chinanet-GD) for "Spammer, malware and botnet hosting for months. Ignoring multiple notifications sent by Spamhaus and 3rd parties".
Drill down at the Spamhaus Advisory and you'll find 92 SBL Listings dating back to March 2010.
The rap sheet suggests this allocation is a proverbial wretched hive of scum and villainy: I counted 17 different abuses with multiple offenses for each abuse:
- Spammer hosting
- Malware DNS server
- Spam source
- Snowshoe spam range
- Botnet spammer hosting
- Malware botnet controller
- Phish source
- Open relay emitting spam
- Spammer + botnet hosting
- Malware distribution
- Yoyo DDoS botnet controller
- Known repeat domain fraud spammers
- Trojan dropper
- Hacked server spamming
- Worm.Dorkbot botnet controller
- Phish redirector
This will be an interesting cleanup for Chinanet-GD. Spamhaus requires that all unresolved SBL records on behalf of CHINANET-GD be resolved before the escalation is removed.
Oh, and if you find evidence of spam arriving from this block in the future, contact the abuse email [email protected]
And Spamhaus.
...and the listing has been removed. That was quick!
Posted by: Brian Clark | Thursday, 24 October 2013 at 10:35 AM