More than fifty computer networks in North America that had been dormant for a long time suddenly resumed activity.
Last week, Spamhaus discovered that 52 inactive networks in the North American region had recently resumed activity. Each was announced by a different autonomous system number (ASN), and those ASNs had also been inactive for extended periods. According to experts, the chance that 52 organizations came back online simultaneously by coincidence is almost zero. However, experts have not been able to find a connection between these networks and the ASNs that announced them, except that both had been inactive for a long time.
Based on traceroutes and pings, it can be concluded that all the networks are located in and around New York. The investigation showed that the BGP paths connecting the networks to their hosting include Ukrainian ASNs, and these Ukrainian companies connect the networks to the main backbones.
Although some routes were withdrawn shortly after the sudden resumption of activity, many were still in operation by the end of last week.
DROP is a text-file list of CIDR blocks that have been stolen or are otherwise completely controlled by spammers.
CIDR (classless addressing) is an IP addressing method that allows flexible management of the IP address space without a rigid classful addressing framework. It makes economical use of the limited supply of IP addresses, because different subnet masks can be applied to different subnets.
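An added example, not from the original article or from Spamhaus: a Python check that matches announced prefixes against a DROP-style list, including announcements that are more or less specific than the listed block. The sample list, reference tags, ASNs and function names are constructed for illustration, and the one-CIDR-per-line layout with `;` comments is an assumption about the file format.

```python
import ipaddress

# Constructed sample (assumed layout: one CIDR per line, ';' starts a comment
# or a trailing reference). All prefixes are documentation ranges.
SAMPLE_DROP = """\
; constructed sample, not real listings
192.0.2.0/24 ; REF-EXAMPLE-1
198.51.100.0/25 ; REF-EXAMPLE-2
2001:db8:100::/40 ; REF-EXAMPLE-3
"""

def parse_drop(text):
    """Return [(network, reference)], skipping comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        cidr, _, ref = line.partition(";")
        cidr = cidr.strip()
        if not cidr:
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # ignore lines that are not valid CIDR blocks
        entries.append((net, ref.strip()))
    return entries

def match_announcement(prefix, entries):
    """'covered': prefix lies inside a listed block.
    'covers': prefix is a less-specific route containing a listed block."""
    ann = ipaddress.ip_network(prefix, strict=False)
    hits = []
    for net, ref in entries:
        if net.version != ann.version:
            continue  # never compare IPv4 with IPv6
        if ann.subnet_of(net):
            hits.append(("covered", str(net), ref))
        elif net.subnet_of(ann):
            hits.append(("covers", str(net), ref))
    return hits

def flag_routes(routes, entries):
    """routes: iterable of (prefix, origin_asn); return those touching the list."""
    flagged = []
    for prefix, asn in routes:
        hits = match_announcement(prefix, entries)
        if hits:
            flagged.append((prefix, asn, hits))
    return flagged
```

Exact string comparison of prefixes would miss the `/25` announced inside a listed `/24`; comparing as networks catches both the more-specific and the less-specific case.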
Check Point experts also found that the Phorpiex botnet (aka Trik) has resumed its activity. Researchers have recorded a sharp increase in attacks using Phorpiex, which currently distributes the Avaddon malware through spam emails.