Sunday, February 7, 2016

Botnet Statistics for January 2016

detection period: 2016-01-01 00:00 - 2016-01-31 23:59 UTC
total number of suspected botnet IPs: 29277
number of blocked spams: 178591
recipient count of blocked spams: 2142408

The VPS I use for data file backup disappeared around Jan 21, so I lost about 2/3 of the data needed for calculating the number of blocked spams and the recipient count of blocked spams (botnet IPs are unaffected by this). That is the reason why they seem to be much less this month.

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

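| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 22551 |
| 2 | Viet Nam | 2056 |
| 3 | Taiwan | 1303 |
| 4 | India | 367 |
| 5 | Mexico | 315 |
| 6 | United States | 298 |
| 7 | Brazil | 287 |
| 8 | Russian Federation | 244 |
| 9 | Ukraine | 177 |
| 10 | Indonesia | 124 |
| 11 | Argentina | 112 |
| 12 | Turkey | 110 |
| 13 | Romania | 95 |
| 14 | Iran | 83 |
| 15 | Kazakhstan | 67 |
| 16 | Poland | 56 |
| 17 | Germany | 55 |
| 18 | Thailand | 52 |
| 19 | South Korea | 50 |
| 20 | Colombia | 42 |
| 21 | Canada | 42 |
| 22 | France | 40 |
| 23 | Hong Kong | 36 |
| 24 | Bulgaria | 36 |
| 25 | Azerbaijan | 34 |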

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

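| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | Brazil | 145299 |
| 2 | United States | 9023 |
| 3 | Taiwan | 6951 |
| 4 | China | 4373 |
| 5 | Mexico | 3018 |
| 6 | Hong Kong | 1822 |
| 7 | Viet Nam | 1004 |
| 8 | Colombia | 984 |
| 9 | Chile | 867 |
| 10 | Argentina | 836 |
| 11 | Thailand | 774 |
| 12 | India | 691 |
| 13 | Turkey | 433 |
| 14 | Bolivia | 337 |
| 15 | Russian Federation | 312 |
| 16 | Israel | 293 |
| 17 | France | 272 |
| 18 | Spain | 209 |
| 19 | Macau | 155 |
| 20 | Panama | 144 |
| 21 | Romania | 109 |
| 22 | Indonesia | 109 |
| 23 | Venezuela | 87 |
| 24 | Malaysia | 78 |
| 25 | Italy | 72 |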

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Suspected Bot List [2016-02-07]

detection period: 2016-02-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| ES | 88.7.109.9 | Spain |
| UY | 179.27.78.58 | Uruguay |

List from greylisting:


Botnet Statistics [2016-02-07]

detection period: 2016-02-07 00:00-23:59 UTC
total number of suspected botnet IPs: 1148
number of botnet IPs notified to network operators: 1117
number of spam blocked: 63513
recipient count of spam blocked: 1864222

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

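| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 637 |
| 2 | MX-MSCV17-LACNIC | 42 |
| 3 | VNPT-VNNIC-VN | 23 |
| 4 | VIETEL-VN | 10 |
| 5 | CHINANET-ZJ | 10 |
| 6 | MRHOSTBIZ-NET | 9 |
| 7 | ALISOFT | 9 |
| 8 | CHINANET-JS | 8 |
| 9 | 002.558.157/0001-62 | 8 |
| 10 | CHINANET-SC | 7 |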

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

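| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 642 |
| 2 | China | 101 |
| 3 | Viet Nam | 56 |
| 4 | Mexico | 50 |
| 5 | Russian Federation | 40 |
| 6 | United States | 38 |
| 7 | Brazil | 29 |
| 8 | Ukraine | 17 |
| 9 | Thailand | 17 |
| 10 | India | 15 |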