Custom Search

Monday, November 30, 2009

Botnet Statistics [2009-11-29]

detection period: 2009-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 3205
number of botnet IPs notified to network operators: 2962

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1764
2AR-TEAR7-LACNIC142
3BSNLNET118
4002.558.157/0001-6289
5CHINANET-GD63
6002.558.134/0001-5848
7UNICOM-SD38
8CHINANET-ZJ-WZ35
9000.065.376/0002-6532
10AR-CASA10-LACNIC31

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1780
2China355
3Brazil261
4Argentina213
5India169
6Russian Federation103
7Thailand40
8Ukraine28
9Uruguay23
10Colombia22

Sunday, November 29, 2009

Botnet Statistics [2009-11-28]

detection period: 2009-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 2682
number of botnet IPs notified to network operators: 2390

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET947
2BSNLNET273
3AR-TEAR7-LACNIC139
4002.558.157/0001-62107
5002.558.134/0001-5864
6UNICOM-SD45
7RCOM40
8TATACOMM-IN37
9CHINANET-GD36
10AR-PRSA-LACNIC35

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan958
2India404
3China319
4Brazil311
5Argentina221
6Russian Federation107
7Thailand53
8Ukraine30
9Mexico23
10Colombia21

Saturday, November 28, 2009

Botnet Statistics [2009-11-27]

detection period: 2009-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 2635
number of botnet IPs notified to network operators: 2328

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET733
2BSNLNET367
3AR-TEAR7-LACNIC119
4002.558.157/0001-62117
5002.558.134/0001-5849
6UNICOM-SD47
7RCOM43
8TATACOMM-IN40
9AR-PRSA-LACNIC33
10CHINANET-GD32

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan744
2India508
3China398
4Brazil336
5Argentina193
6Russian Federation108
7Thailand43
8Ukraine39
9Colombia22
10Chile18

Friday, November 27, 2009

Botnet Statistics [2009-11-26]

detection period: 2009-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 2063
number of botnet IPs notified to network operators: 1721

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET399
2AR-TEAR7-LACNIC117
3002.558.157/0001-6298
4RCOM55
5002.558.134/0001-5854
6TATACOMM-IN53
7CHINANET-GD49
8UNICOM-SD46
9AR-PRSA-LACNIC31
10UKRTELNET29

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India573
2China434
3Brazil314
4Argentina194
5Russian Federation105
6Taiwan41
7Ukraine40
8Thailand33
9Colombia24
10Uruguay21

Thursday, November 26, 2009

Botnet Statistics [2009-11-25]

detection period: 2009-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1963
number of botnet IPs notified to network operators: 1640

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET322
2AR-TEAR7-LACNIC136
3002.558.157/0001-62128
4RCOM52
5002.558.134/0001-5850
6UNICOM-SD44
7TATACOMM-IN42
8HINET-NET34
9CHINANET-GD34
10UKRTELNET31

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India482
2Brazil361
3China349
4Argentina208
5Russian Federation101
6Taiwan47
7Ukraine44
8Thailand43
9Colombia27
10Mexico26

Wednesday, November 25, 2009

Botnet Statistics [2009-11-24]

detection period: 2009-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 2265
number of botnet IPs notified to network operators: 1884

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET348
2HINET-NET191
3AR-TEAR7-LACNIC150
4002.558.157/0001-62126
5CHINANET-GD111
6TATACOMM-IN52
7UNICOM-SD47
8RCOM46
9002.558.134/0001-5844
10002.449.992/0001-6432

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India514
2China427
3Brazil350
4Argentina233
5Taiwan208
6Russian Federation97
7Thailand43
8Ukraine38
9Colombia30
10Uruguay26

Tuesday, November 24, 2009

Botnet Statistics [2009-11-23]

detection period: 2009-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 2235
number of botnet IPs notified to network operators: 1846

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET325
2HINET-NET190
3AR-TEAR7-LACNIC134
4002.558.157/0001-62108
5CHINANET-GD95
6002.558.134/0001-5851
7UNICOM-SD47
8RCOM47
9TATACOMM-IN45
10AR-CASA10-LACNIC38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India490
2China435
3Brazil343
4Argentina219
5Taiwan207
6Russian Federation110
7Ukraine37
8Thailand35
9Indonesia25
10Colombia22

Monday, November 23, 2009

Botnet Statistics [2009-11-22]

detection period: 2009-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1863
number of botnet IPs notified to network operators: 1570

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET379
2BSNLNET131
3AR-TEAR7-LACNIC114
4002.558.157/0001-6273
5UNICOM-SD44
6CHINANET-GD38
7AR-PRSA-LACNIC34
8002.558.134/0001-5833
9000.065.376/0002-6530
10AR-CASA10-LACNIC29

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan402
2China332
3Brazil241
4India198
5Argentina191
6Russian Federation118
7Thailand31
8Uruguay28
9Ukraine25
10Indonesia21

Sunday, November 22, 2009

Botnet Statistics [2009-11-21]

detection period: 2009-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 2023
number of botnet IPs notified to network operators: 1709

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET516
2BSNLNET209
3AR-TEAR7-LACNIC108
4002.558.157/0001-6273
5UNICOM-SD41
6TATACOMM-IN35
7AR-CASA10-LACNIC33
8RCOM29
9HATHWAY-NET27
10000.065.376/0002-6527

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan539
2India327
3China298
4Brazil240
5Argentina178
6Russian Federation82
7Thailand42
8Ukraine24
9Uruguay20
10Indonesia19

Saturday, November 21, 2009

Botnet Statistics [2009-11-20]

detection period: 2009-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 1965
number of botnet IPs notified to network operators: 1618

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET353
2AR-TEAR7-LACNIC101
3002.558.157/0001-6281
4HINET-NET71
5CHINANET-GD61
6TATACOMM-IN60
7UNICOM-SD47
8002.558.134/0001-5841
9RCOM37
10AR-PRSA-LACNIC30

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India514
2China397
3Brazil280
4Argentina176
5Russian Federation103
6Taiwan99
7Ukraine42
8Thailand40
9Colombia26
10Indonesia17

Friday, November 20, 2009

Botnet Statistics [2009-11-19]

detection period: 2009-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 2237
number of botnet IPs notified to network operators: 1867

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET351
2HINET-NET173
3CHINANET-GD143
4AR-TEAR7-LACNIC114
5002.558.157/0001-62107
6002.558.134/0001-5857
7UNICOM-SD47
8TATACOMM-IN42
9RCOM35
10HATHWAY-NET34

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India505
2China467
3Brazil341
4Taiwan200
5Argentina196
6Russian Federation108
7Ukraine48
8Thailand41
9Colombia28
10Ethiopia19

Thursday, November 19, 2009

Botnet Statistics [2009-11-18]

detection period: 2009-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 2280
number of botnet IPs notified to network operators: 1911

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET343
2BSNLNET280
3002.558.157/0001-62101
4AR-TEAR7-LACNIC95
5CHINANET-GD78
6UNICOM-SD47
7002.558.134/0001-5843
8002.449.992/0001-6440
9TATACOMM-IN37
10RCOM35

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China456
2India422
3Taiwan368
4Brazil330
5Argentina165
6Russian Federation85
7Ukraine44
8Thailand34
9Colombia31
10South Korea26

Wednesday, November 18, 2009

Botnet Statistics [2009-11-17]

detection period: 2009-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 2859
number of botnet IPs notified to network operators: 2486

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET699
2BSNLNET353
3002.558.157/0001-62119
4AR-TEAR7-LACNIC107
5CHINANET-GD68
6UNICOM-SD52
7TATACOMM-IN52
8RCOM44
9002.558.134/0001-5843
10002.449.992/0001-6433

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan728
2India526
3China518
4Brazil354
5Argentina177
6Russian Federation82
7Ukraine43
8Colombia34
9Thailand29
10United States22

Tuesday, November 17, 2009

Botnet Statistics [2009-11-16]

detection period: 2009-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2158
number of botnet IPs notified to network operators: 1794

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET323
2002.558.157/0001-62110
3AR-TEAR7-LACNIC98
4HINET-NET92
5CHINANET-GD79
6UNICOM-SD55
7RCOM43
8TATACOMM-IN39
9002.558.134/0001-5839
10AR-CASA10-LACNIC33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China574
2India458
3Brazil321
4Argentina169
5Taiwan125
6Russian Federation93
7Ukraine45
8Thailand26
9South Korea22
10Colombia19

Monday, November 16, 2009

Botnet Statistics [2009-11-15]

detection period: 2009-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 1894
number of botnet IPs notified to network operators: 1595

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET280
2BSNLNET156
3CHINANET-GD142
4AR-TEAR7-LACNIC112
5002.558.157/0001-6259
6UNICOM-SD42
7002.558.134/0001-5833
8UKRTELNET28
9AR-CASA10-LACNIC25
10UY-ANTA-LACNIC23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China454
2Taiwan304
3Brazil224
4India207
5Argentina164
6Russian Federation89
7United States72
8Ukraine42
9Thailand32
10Uruguay23

Sunday, November 15, 2009

Botnet Statistics [2009-11-14]

detection period: 2009-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 2566
number of botnet IPs notified to network operators: 2188

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD494
2HINET-NET351
3BSNLNET213
4002.558.157/0001-6281
5AR-TEAR7-LACNIC72
6UNICOM-SD46
7RCOM44
8TATACOMM-IN33
9AR-CASA10-LACNIC28
10UKRTELNET23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China882
2Taiwan381
3India344
4Brazil226
5Argentina135
6United States101
7Russian Federation75
8Ukraine33
9Thailand31
10South Korea26

Saturday, November 14, 2009

Botnet Detection with Greylisting

So how do we uncover botnets? If you google for botnet tracking, you will find that honeypots are often listed in the first page of search results. The strength of honeypots lies in their effectiveness at collecting malware binaries, which are needed to gain a deeper understanding of botnets. As I only track botnets so as to notify unsuspecting victims, and have no interest nor expertise to study the inner working of malware, honeypots are not really made for me. How to attract botnets to interact with honeypots is also a problem.

As I said before, my botnet detection strategy is to follow the spam upstream. According to the Q2/June edition of the MessageLabs Intelligence monthly report, 83.2% of all spam was sent via botnets. The fact is, botnets has accounted for more than half of global spam for several years. Isn't that convenient for us if we want to find botnets? If you manage your own mail server, and get a lot of spam every day, perhaps your server have been interacting with botnets all the time. The remaining problem, is how to identify botnet computers.

Thanks to greylisting, mail servers can easily filter out incoming spam from botnets. The SMTP engines built within malware often are not full blown SMTP servers, as malware authors tend to cut off the retry function of SMTP protocol. Greylisting takes advantage of that and is able to differentiate botnet computers from real mail servers by their lack of retry behavior. To extend from this, mail sending hosts which could not pass greylisting are very likely to be botnet computers, which are exactly what we look for.

Greylisting is a very powerful botnet tracking technique. Once a botnet computer begins to send out malicious mail, be it spam, virus or phishing mail, it will soon be detected by greylisting. If mail servers deploying greylisting could contribute their mail logs to compile the IP address list of suspected botnet computers, the useful life of botnets to cyber criminals will be greatly shortened, which will eventually lead to the demise of botnets. At least it should reduce bot-sent spam to a minimun, I hope.

I have posted my greylisting implementation, comments or questions are welcomed.

Botnet Statistics [2009-11-13]

detection period: 2009-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 2340
number of botnet IPs notified to network operators: 2021

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET376
2BSNLNET290
3CHINANET-GD263
4002.558.157/0001-6294
5AR-TEAR7-LACNIC82
6UNICOM-SD46
7TATACOMM-IN40
8RCOM38
9002.558.134/0001-5832
10HATHWAY-NET26

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China593
2India426
3Taiwan399
4Brazil276
5Argentina141
6Russian Federation77
7Ukraine37
8United States32
9Thailand28
10Colombia22

Friday, November 13, 2009

Botnet Statistics [2009-11-12]

detection period: 2009-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 2922
number of botnet IPs notified to network operators: 2516

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET486
2BSNLNET340
3CHINANET-GD272
4002.558.157/0001-62122
5AR-TEAR7-LACNIC109
6UNICOM-SD55
7002.558.134/0001-5846
8TATACOMM-IN41
9UBI-BLOCK-338
10RCOM38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China766
2Taiwan516
3India488
4Brazil363
5Argentina186
6Russian Federation109
7Portugal38
8Thailand35
9Ukraine33
10Colombia25

Thursday, November 12, 2009

Botnet Statistics [2009-11-11]

detection period: 2009-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 2529
number of botnet IPs notified to network operators: 2203

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD338
2BSNLNET332
3002.558.157/0001-62116
4AR-TEAR7-LACNIC91
5UNICOM-SD70
6TATACOMM-IN50
7CHINANET-JS50
8RCOM43
9UNICOM-HA36
10CHINANET-SN35

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1002
2India486
3Brazil313
4Argentina146
5Russian Federation92
6Taiwan60
7Ukraine35
8Thailand33
9United States32
10Colombia32

Wednesday, November 11, 2009

Botnet Statistics [2009-11-10]

detection period: 2009-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 2448
number of botnet IPs notified to network operators: 2086

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD477
2BSNLNET219
3002.558.157/0001-62118
4AR-TEAR7-LACNIC70
5UNICOM-SD59
6TATACOMM-IN51
7RCOM48
8002.558.134/0001-5842
9HINET-NET34
10CHINANET-JS33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1029
2India386
3Brazil320
4Argentina133
5Russian Federation80
6Taiwan60
7United States54
8Ukraine39
9South Korea28
10Colombia27

Tuesday, November 10, 2009

Botnet Statistics [2009-11-09]

detection period: 2009-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 2312
number of botnet IPs notified to network operators: 1833

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET326
2CHINANET-GD276
3BSNLNET160
4002.558.157/0001-62101
5AR-TEAR7-LACNIC61
6UNICOM-SD57
7CHINANET-JS44
8RCOM33
9002.558.134/0001-5829
10CHINANET-SN27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China824
2Taiwan352
3Brazil272
4India270
5Argentina128
6Russian Federation70
7United States48
8Ukraine28
9Thailand26
10South Korea22

Monday, November 9, 2009

Botnet Statistics [2009-11-08]

detection period: 2009-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 1519
number of botnet IPs notified to network operators: 1265

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET341
2CHINANET-GD240
3002.558.157/0001-6242
4AR-TEAR7-LACNIC41
5CHINANET-ZJ-WZ32
6UNICOM-SD31
7BSNLNET29
8AR-PRSA-LACNIC22
9CHINANET-JS20
10UNICOM-HA19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China544
2Taiwan362
3Brazil134
4Argentina94
5India56
6United States46
7Russian Federation39
8South Korea21
9Thailand18
10Colombia15

Sunday, November 8, 2009

Botnet Statistics [2009-11-07]

detection period: 2009-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 1871
number of botnet IPs notified to network operators: 1309

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD362
2BSNLNET222
3002.558.157/0001-6265
4AR-TEAR7-LACNIC57
5UNICOM-SD45
6TATACOMM-IN37
7RCOM35
8002.558.134/0001-5833
9AR-PRSA-LACNIC28
10HINET-NET27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China708
2India345
3Brazil209
4Argentina124
5Russian Federation64
6Taiwan51
7United States32
8Ukraine25
9Colombia24
10South Korea23

Saturday, November 7, 2009

Botnet Statistics [2009-11-06]

detection period: 2009-11-06 00:00-23:59 UTC
total number of suspected botnet IPs: 2227
number of botnet IPs notified to network operators: 1661

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD452
2BSNLNET237
3AR-TEAR7-LACNIC96
4002.558.157/0001-6292
5UNICOM-SD60
6TATACOMM-IN44
7RCOM44
8002.558.134/0001-5843
9002.449.992/0001-6434
10HINET-NET32

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China882
2India373
3Brazil299
4Argentina166
5Russian Federation75
6Taiwan55
7United States41
8Colombia30
9Thailand29
10Ukraine28

Friday, November 6, 2009

Botnet Statistics [2009-11-05]

detection period: 2009-11-05 00:00-23:59 UTC
total number of suspected botnet IPs: 2777
number of botnet IPs notified to network operators: 2181

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD575
2HINET-NET343
3BSNLNET209
4002.558.157/0001-62106
5AR-TEAR7-LACNIC89
6UNICOM-SD59
7002.558.134/0001-5852
8RCOM39
9CHINANET-ZJ-WZ37
10CHINANET-JS34

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1075
2Taiwan365
3India329
4Brazil320
5Argentina166
6Russian Federation82
7United States39
8Ukraine31
9Thailand29
10South Korea28

Thursday, November 5, 2009

Botnet Statistics [2009-11-04]

detection period: 2009-11-04 00:00-23:59 UTC
total number of suspected botnet IPs: 2561
number of botnet IPs notified to network operators: 1890

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD423
2HINET-NET323
3BSNLNET301
4002.558.157/0001-6297
5AR-TEAR7-LACNIC81
6UNICOM-SD48
7RCOM47
8TATACOMM-IN41
9002.558.134/0001-5839
10002.449.992/0001-6439

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China801
2India458
3Taiwan347
4Brazil322
5Argentina165
6Russian Federation67
7Ukraine44
8Thailand34
9South Korea28
10Colombia25

Wednesday, November 4, 2009

Botnet Statistics [2009-11-03]

detection period: 2009-11-03 00:00-23:59 UTC
total number of suspected botnet IPs: 2477
number of botnet IPs notified to network operators: 1887

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD424
2HINET-NET320
3BSNLNET232
4AR-TEAR7-LACNIC100
5002.558.157/0001-62100
6UNICOM-SD49
7002.558.134/0001-5844
8AR-PRSA-LACNIC33
9000.065.376/0002-6533
10CHINANET-ZJ-WZ30

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China795
2Taiwan343
3India340
4Brazil329
5Argentina183
6Russian Federation76
7Ukraine32
8Colombia31
9Thailand30
10Uruguay25

Tuesday, November 3, 2009

Botnet Statistics [2009-11-02]

detection period: 2009-11-02 00:00-23:59 UTC
total number of suspected botnet IPs: 2117
number of botnet IPs notified to network operators: 1527

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD291
2BSNLNET220
3AR-TEAR7-LACNIC128
4002.558.157/0001-6269
5HINET-NET63
6UNICOM-SD54
7TATACOMM-IN51
8RCOM36
9002.558.134/0001-5835
10CHINANET-JS34

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China737
2India361
3Brazil220
4Argentina199
5Russian Federation116
6Taiwan85
7United States37
8Ukraine36
9Thailand31
10Uruguay22

Monday, November 2, 2009

Botnet Statistics [2009-11-01]

detection period: 2009-11-01 00:00-23:59 UTC
total number of suspected botnet IPs: 2176
number of botnet IPs notified to network operators: 1675

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD281
2BSNLNET166
3AR-TEAR7-LACNIC150
4002.558.157/0001-6283
5UNICOM-SD63
6HINET-NET48
7CHINANET-JS39
8AR-CASA10-LACNIC37
9CHINANET-HL36
10UY-ANTA-LACNIC34

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China860
2Brazil262
3India243
4Argentina235
5Russian Federation111
6Taiwan78
7Uruguay34
8Thailand31
9Ukraine28
10South Korea28

Sunday, November 1, 2009

Botnet Statistics [2009-10-31]

detection period: 2009-10-31 00:00-23:59 UTC
total number of suspected botnet IPs: 2835
number of botnet IPs notified to network operators: 1984

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET458
2CHINANET-GD405
3AR-TEAR7-LACNIC132
4002.558.157/0001-62105
5UNICOM-SD75
6TATACOMM-IN60
7CHINANET-JS52
8HINET-NET50
9RCOM46
10HATHWAY-NET40

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1060
2India663
3Brazil324
4Argentina208
5Russian Federation118
6Taiwan85
7Ukraine33
8Thailand30
9South Korea26
10Colombia21