Friday, December 31, 2010

Botnet Statistics [2010-12-30]

detection period: 2010-12-30 00:00-23:59 UTC
total number of suspected botnet IPs: 1839
number of botnet IPs notified to network operators: 1374
number of blocked spams: 189188
recipient count of blocked spams: 6141358

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

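| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 179 |
| 2 | HINET-NET | 157 |
| 3 | AR-TEAR7-LACNIC | 44 |
| 4 | RCOM | 42 |
| 5 | 000.065.376/0002-65 | 40 |
| 6 | TRUEBB-NET | 33 |
| 7 | TRUENET | 30 |
| 8 | 002.558.134/0001-58 | 29 |
| 9 | TATACOMM-IN | 23 |
| 10 | HATHWAY-NET | 21 |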

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

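| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 308 |
| 2 | China | 263 |
| 3 | Brazil | 200 |
| 4 | Taiwan | 164 |
| 5 | Russian Federation | 115 |
| 6 | Thailand | 109 |
| 7 | Argentina | 83 |
| 8 | United States | 54 |
| 9 | Ukraine | 50 |
| 10 | South Korea | 44 |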

Thursday, December 30, 2010

Botnet Statistics [2010-12-29]

detection period: 2010-12-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1662
number of botnet IPs notified to network operators: 1234
number of blocked spams: 301453
recipient count of blocked spams: 10398196

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

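| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 182 |
| 2 | HINET-NET | 137 |
| 3 | RCOM | 36 |
| 4 | AR-TEAR7-LACNIC | 32 |
| 5 | TRUENET | 29 |
| 6 | 000.065.376/0002-65 | 27 |
| 7 | CAT-BB-NET | 25 |
| 8 | 002.558.134/0001-58 | 25 |
| 9 | CHINANET-ZJ-WZ | 23 |
| 10 | TATACOMM-IN | 20 |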

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

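| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 295 |
| 2 | China | 242 |
| 3 | Brazil | 173 |
| 4 | Taiwan | 146 |
| 5 | Russian Federation | 111 |
| 6 | Thailand | 100 |
| 7 | Argentina | 54 |
| 8 | United States | 48 |
| 9 | Kazakhstan | 47 |
| 10 | South Korea | 43 |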

Wednesday, December 29, 2010

Botnet Statistics [2010-12-28]

detection period: 2010-12-28 00:00-23:59 UTC
total number of suspected botnet IPs: 1719
number of botnet IPs notified to network operators: 1275
number of blocked spams: 338707
recipient count of blocked spams: 11668355

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

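| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 215 |
| 2 | HINET-NET | 122 |
| 3 | 000.065.376/0002-65 | 32 |
| 4 | RCOM | 29 |
| 5 | HATHWAY-NET | 26 |
| 6 | AR-TEAR7-LACNIC | 25 |
| 7 | TATACOMM-IN | 24 |
| 8 | KORNET-KR | 23 |
| 9 | CHINANET-JS | 23 |
| 10 | CHINANET-GD | 23 |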

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

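| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 332 |
| 2 | China | 276 |
| 3 | Brazil | 166 |
| 4 | Taiwan | 133 |
| 5 | Russian Federation | 104 |
| 6 | Thailand | 81 |
| 7 | Argentina | 52 |
| 8 | United States | 48 |
| 9 | South Korea | 47 |
| 10 | Kazakhstan | 39 |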

Tuesday, December 28, 2010

Botnet Statistics [2010-12-27]

detection period: 2010-12-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1825
number of botnet IPs notified to network operators: 1379
number of blocked spams: 338812
recipient count of blocked spams: 11648076

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

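| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 209 |
| 2 | HINET-NET | 151 |
| 3 | RCOM | 43 |
| 4 | CAT-BB-NET | 35 |
| 5 | TATACOMM-IN | 30 |
| 6 | AR-TEAR7-LACNIC | 29 |
| 7 | KORNET-KR | 27 |
| 8 | 002.558.134/0001-58 | 25 |
| 9 | 000.065.376/0002-65 | 25 |
| 10 | TRUENET | 24 |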

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

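| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 341 |
| 2 | China | 280 |
| 3 | Brazil | 170 |
| 4 | Taiwan | 161 |
| 5 | Russian Federation | 113 |
| 6 | Thailand | 105 |
| 7 | Argentina | 61 |
| 8 | South Korea | 50 |
| 9 | Ukraine | 49 |
| 10 | United States | 45 |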

Monday, December 27, 2010

Botnet Statistics [2010-12-26]

detection period: 2010-12-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1162
number of botnet IPs notified to network operators: 823
number of blocked spams: 336277
recipient count of blocked spams: 11602651

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

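| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 128 |
| 2 | KORNET-KR | 25 |
| 3 | AR-TEAR7-LACNIC | 19 |
| 4 | 000.065.376/0002-65 | 19 |
| 5 | UNICOM-SD | 16 |
| 6 | CHINANET-GD | 16 |
| 7 | CHINANET-ZJ-WZ | 15 |
| 8 | CHINANET-JS | 15 |
| 9 | 033.530.486/0001-29 | 12 |
| 10 | TRUENET | 11 |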

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

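| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 232 |
| 2 | Taiwan | 135 |
| 3 | Brazil | 93 |
| 4 | Russian Federation | 69 |
| 5 | Thailand | 53 |
| 6 | South Korea | 45 |
| 7 | United States | 41 |
| 8 | Argentina | 38 |
| 9 | India | 37 |
| 10 | Ukraine | 34 |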

Sunday, December 26, 2010

Botnet Statistics [2010-12-25]

detection period: 2010-12-25 00:00-23:59 UTC
total number of suspected botnet IPs: 866
number of botnet IPs notified to network operators: 594
number of blocked spams: 257664
recipient count of blocked spams: 8618884

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

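| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 96 |
| 2 | KORNET-KR | 16 |
| 3 | CHINANET-ZJ-WZ | 14 |
| 4 | CHINANET-JS | 14 |
| 5 | CHINANET-GD | 14 |
| 6 | UNICOM-SD | 13 |
| 7 | CHINANET-FJ | 10 |
| 8 | CO-ACSA-LACNIC | 9 |
| 9 | AKIMPOD | 9 |
| 10 | 033.530.486/0001-29 | 9 |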

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

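| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 196 |
| 2 | Taiwan | 105 |
| 3 | Brazil | 66 |
| 4 | Russian Federation | 41 |
| 5 | United States | 40 |
| 6 | South Korea | 34 |
| 7 | Kazakhstan | 28 |
| 8 | India | 24 |
| 9 | Poland | 21 |
| 10 | Ukraine | 19 |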

Saturday, December 25, 2010

Botnet Statistics [2010-12-24]

detection period: 2010-12-24 00:00-23:59 UTC
total number of suspected botnet IPs: 922
number of botnet IPs notified to network operators: 642
number of blocked spams: 326014
recipient count of blocked spams: 11156661

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

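| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 110 |
| 2 | KORNET-KR | 18 |
| 3 | CHINANET-GD | 16 |
| 4 | AKIMPOD | 15 |
| 5 | CHINANET-JS | 13 |
| 6 | 033.530.486/0001-29 | 13 |
| 7 | UNICOM-SD | 12 |
| 8 | 003.420.926/0002-05 | 10 |
| 9 | CO-ACSA-LACNIC | 9 |
| 10 | CHINANET-ZJ-WZ | 9 |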

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

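| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 187 |
| 2 | Taiwan | 119 |
| 3 | Brazil | 76 |
| 4 | Russian Federation | 53 |
| 5 | United States | 37 |
| 6 | Kazakhstan | 36 |
| 7 | South Korea | 35 |
| 8 | India | 26 |
| 9 | Colombia | 23 |
| 10 | Poland | 21 |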

Friday, December 24, 2010

Botnet Statistics [2010-12-23]

detection period: 2010-12-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1007
number of botnet IPs notified to network operators: 714
number of blocked spams: 321749
recipient count of blocked spams: 11084589

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

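| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 105 |
| 2 | HINET-NET | 98 |
| 3 | CHINANET-ZJ-WZ | 17 |
| 4 | 033.530.486/0001-29 | 14 |
| 5 | CHINANET-JS | 13 |
| 6 | AKIMPOD | 13 |
| 7 | UNICOM-SD | 12 |
| 8 | KORNET-KR | 12 |
| 9 | 003.420.926/0002-05 | 11 |
| 10 | 002.558.134/0001-58 | 11 |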

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

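| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 271 |
| 2 | Taiwan | 110 |
| 3 | Brazil | 91 |
| 4 | Russian Federation | 52 |
| 5 | United States | 39 |
| 6 | Kazakhstan | 32 |
| 7 | South Korea | 26 |
| 8 | Indonesia | 24 |
| 9 | Poland | 23 |
| 10 | India | 23 |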

Thursday, December 23, 2010

Botnet Statistics [2010-12-22]

detection period: 2010-12-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1261
number of botnet IPs notified to network operators: 978
number of blocked spams: 330681
recipient count of blocked spams: 11296187

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

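| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 357 |
| 2 | HINET-NET | 63 |
| 3 | CHINANET-ZJ-WZ | 27 |
| 4 | KORNET-KR | 17 |
| 5 | CHINANET-JS | 15 |
| 6 | 033.530.486/0001-29 | 14 |
| 7 | UNICOM-SD | 13 |
| 8 | 003.420.926/0002-05 | 13 |
| 9 | AKIMPOD | 11 |
| 10 | CO-ACSA-LACNIC | 9 |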

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

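| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 553 |
| 2 | Brazil | 92 |
| 3 | Taiwan | 74 |
| 4 | Russian Federation | 47 |
| 5 | United States | 43 |
| 6 | South Korea | 32 |
| 7 | Kazakhstan | 27 |
| 8 | India | 25 |
| 9 | Poland | 23 |
| 10 | Ukraine | 21 |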

Wednesday, December 22, 2010

Botnet Statistics [2010-12-21]

detection period: 2010-12-21 00:00-23:59 UTC
total number of suspected botnet IPs: 1103
number of botnet IPs notified to network operators: 831
number of blocked spams: 330170
recipient count of blocked spams: 11275416

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

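| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 276 |
| 2 | KORNET-KR | 16 |
| 3 | CHINANET-ZJ-WZ | 15 |
| 4 | 033.530.486/0001-29 | 15 |
| 5 | CHINANET-JS | 13 |
| 6 | UNICOM-SD | 12 |
| 7 | 003.420.926/0002-05 | 12 |
| 8 | AKIMPOD | 11 |
| 9 | 000.065.376/0002-65 | 11 |
| 10 | CO-ACSA-LACNIC | 8 |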

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

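| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 442 |
| 2 | Brazil | 97 |
| 3 | Russian Federation | 56 |
| 4 | United States | 40 |
| 5 | South Korea | 35 |
| 6 | Poland | 27 |
| 7 | Kazakhstan | 26 |
| 8 | Colombia | 23 |
| 9 | India | 22 |
| 10 | Ukraine | 21 |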

Tuesday, December 21, 2010

Botnet Statistics [2010-12-20]

detection period: 2010-12-20 00:00-23:59 UTC
total number of suspected botnet IPs: 1015
number of botnet IPs notified to network operators: 725
number of blocked spams: 326418
recipient count of blocked spams: 11134893

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

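| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 189 |
| 2 | KORNET-KR | 18 |
| 3 | CHINANET-ZJ-WZ | 15 |
| 4 | CHINANET-JS | 15 |
| 5 | 033.530.486/0001-29 | 14 |
| 6 | UNICOM-SD | 13 |
| 7 | 003.420.926/0002-05 | 12 |
| 8 | AKIMPOD | 11 |
| 9 | 000.065.376/0002-65 | 9 |
| 10 | CO-ACSA-LACNIC | 8 |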

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

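| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 356 |
| 2 | Brazil | 86 |
| 3 | Russian Federation | 59 |
| 4 | United States | 45 |
| 5 | South Korea | 34 |
| 6 | Poland | 26 |
| 7 | India | 25 |
| 8 | Kazakhstan | 23 |
| 9 | Ukraine | 22 |
| 10 | Colombia | 22 |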

Monday, December 20, 2010

Botnet Statistics [2010-12-19]

detection period: 2010-12-19 00:00-23:59 UTC
total number of suspected botnet IPs: 1524
number of botnet IPs notified to network operators: 1254
number of blocked spams: 267674
recipient count of blocked spams: 8567762

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

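| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 736 |
| 2 | CHINANET-ZJ-WZ | 22 |
| 3 | KORNET-KR | 14 |
| 4 | UNICOM-SD | 13 |
| 5 | 033.530.486/0001-29 | 13 |
| 6 | 003.420.926/0002-05 | 11 |
| 7 | CHINANET-JS | 9 |
| 8 | AKIMPOD | 9 |
| 9 | 000.065.376/0002-65 | 9 |
| 10 | CO-ACSA-LACNIC | 8 |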

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

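| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 911 |
| 2 | Brazil | 78 |
| 3 | Russian Federation | 52 |
| 4 | United States | 39 |
| 5 | South Korea | 31 |
| 6 | Poland | 25 |
| 7 | Thailand | 22 |
| 8 | India | 22 |
| 9 | Ukraine | 21 |
| 10 | Kazakhstan | 20 |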

Sunday, December 19, 2010

Botnet Statistics [2010-12-18]

detection period: 2010-12-18 00:00-23:59 UTC
total number of suspected botnet IPs: 1582
number of botnet IPs notified to network operators: 1314
number of blocked spams: 279726
recipient count of blocked spams: 8824478

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

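| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 765 |
| 2 | KORNET-KR | 18 |
| 3 | 033.530.486/0001-29 | 16 |
| 4 | CHINANET-ZJ-WZ | 15 |
| 5 | UNICOM-SD | 14 |
| 6 | CHINANET-JS | 12 |
| 7 | AKIMPOD | 11 |
| 8 | 003.420.926/0002-05 | 10 |
| 9 | RCOM | 9 |
| 10 | CO-ACSA-LACNIC | 8 |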

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

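| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 933 |
| 2 | Brazil | 86 |
| 3 | Russian Federation | 55 |
| 4 | United States | 40 |
| 5 | South Korea | 36 |
| 6 | India | 29 |
| 7 | Poland | 24 |
| 8 | Kazakhstan | 24 |
| 9 | Ukraine | 22 |
| 10 | Colombia | 21 |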

Saturday, December 18, 2010

Botnet Statistics [2010-12-17]

Taiwan, where I live, had stayed on my list of top 10 botnet countries for a long time. It does not feel good for me to see my home country so high on the list. Though I detected many bots in Taiwan, which showed how effective my detection was, I really wished that Taiwan could make some progress in the war against botnets. So I am gladly surprised that Taiwan has recently dropped out of the top 10. The number of bots detected in Taiwan daily has also fallen from more than 1000 to fewer than 100 now. Great!

detection period: 2010-12-17 00:00-23:59 UTC
total number of suspected botnet IPs: 998
number of botnet IPs notified to network operators: 718
number of blocked spams: 334267
recipient count of blocked spams: 11460845

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

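| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 184 |
| 2 | KORNET-KR | 17 |
| 3 | CHINANET-ZJ-WZ | 16 |
| 4 | 033.530.486/0001-29 | 15 |
| 5 | UNICOM-SD | 14 |
| 6 | CHINANET-JS | 11 |
| 7 | 003.420.926/0002-05 | 11 |
| 8 | AKIMPOD | 10 |
| 9 | CO-ACSA-LACNIC | 9 |
| 10 | 002.558.157/0001-62 | 9 |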

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

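| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 342 |
| 2 | Brazil | 89 |
| 3 | Russian Federation | 60 |
| 4 | South Korea | 41 |
| 5 | United States | 39 |
| 6 | Colombia | 24 |
| 7 | Ukraine | 23 |
| 8 | Poland | 23 |
| 9 | Kazakhstan | 23 |
| 10 | France | 21 |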

Friday, December 17, 2010

Botnet Statistics [2010-12-16]

detection period: 2010-12-16 00:00-23:59 UTC
total number of suspected botnet IPs: 1026
number of botnet IPs notified to network operators: 732
number of blocked spams: 330442
recipient count of blocked spams: 11278179

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

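| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 227 |
| 2 | UNICOM-SD | 16 |
| 3 | CHINANET-ZJ-WZ | 16 |
| 4 | KORNET-KR | 15 |
| 5 | 033.530.486/0001-29 | 15 |
| 6 | CHINANET-JS | 12 |
| 7 | 003.420.926/0002-05 | 12 |
| 8 | CO-ACSA-LACNIC | 9 |
| 9 | AKIMPOD | 8 |
| 10 | RCOM | 7 |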

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

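| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 383 |
| 2 | Brazil | 79 |
| 3 | Russian Federation | 69 |
| 4 | United States | 45 |
| 5 | South Korea | 34 |
| 6 | India | 27 |
| 7 | Colombia | 24 |
| 8 | Poland | 22 |
| 9 | France | 21 |
| 10 | Ukraine | 20 |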

Thursday, December 16, 2010

Botnet Statistics [2010-12-15]

detection period: 2010-12-15 00:00-23:59 UTC
total number of suspected botnet IPs: 935
number of botnet IPs notified to network operators: 642
number of blocked spams: 329418
recipient count of blocked spams: 11079869

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

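| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 120 |
| 2 | CHINANET-ZJ-WZ | 24 |
| 3 | 033.530.486/0001-29 | 16 |
| 4 | UNICOM-SD | 15 |
| 5 | KORNET-KR | 15 |
| 6 | CHINANET-GD | 12 |
| 7 | CO-ACSA-LACNIC | 10 |
| 8 | CHINANET-JS | 10 |
| 9 | 003.420.926/0002-05 | 10 |
| 10 | CHINANET-ZJ | 8 |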

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

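| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 178 |
| 2 | Taiwan | 132 |
| 3 | Brazil | 78 |
| 4 | Russian Federation | 62 |
| 5 | United States | 50 |
| 6 | South Korea | 29 |
| 7 | India | 26 |
| 8 | Colombia | 26 |
| 9 | Poland | 24 |
| 10 | Ukraine | 21 |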

Wednesday, December 15, 2010

Botnet Statistics [2010-12-14]

detection period: 2010-12-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1067
number of botnet IPs notified to network operators: 764
number of blocked spams: 325826
recipient count of blocked spams: 11145771

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

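| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 233 |
| 2 | KORNET-KR | 18 |
| 3 | 033.530.486/0001-29 | 17 |
| 4 | UNICOM-SD | 15 |
| 5 | CHINANET-ZJ-WZ | 12 |
| 6 | CHINANET-GD | 12 |
| 7 | CHINANET-JS | 11 |
| 8 | 003.420.926/0002-05 | 11 |
| 9 | 002.558.157/0001-62 | 11 |
| 10 | CO-ACSA-LACNIC | 10 |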

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

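| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 242 |
| 2 | China | 174 |
| 3 | Brazil | 85 |
| 4 | Russian Federation | 59 |
| 5 | United States | 45 |
| 6 | India | 30 |
| 7 | South Korea | 29 |
| 8 | Ukraine | 26 |
| 9 | Colombia | 26 |
| 10 | Indonesia | 25 |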

Tuesday, December 14, 2010

Botnet Statistics [2010-12-13]

detection period: 2010-12-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1382
number of botnet IPs notified to network operators: 1054
number of blocked spams: 292960
recipient count of blocked spams: 9493034

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

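| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 455 |
| 2 | CHINANET-ZJ-WZ | 22 |
| 3 | 033.530.486/0001-29 | 18 |
| 4 | KORNET-KR | 16 |
| 5 | 002.558.157/0001-62 | 15 |
| 6 | UNICOM-SD | 14 |
| 7 | CHINANET-GD | 14 |
| 8 | CHINANET-JS | 13 |
| 9 | 003.420.926/0002-05 | 12 |
| 10 | CHINANET-ZJ | 11 |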

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

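| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 469 |
| 2 | China | 211 |
| 3 | Brazil | 103 |
| 4 | Russian Federation | 66 |
| 5 | United States | 49 |
| 6 | India | 35 |
| 7 | South Korea | 30 |
| 8 | Ukraine | 26 |
| 9 | Colombia | 25 |
| 10 | Poland | 24 |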

Monday, December 13, 2010

Botnet Statistics [2010-12-12]

detection period: 2010-12-12 00:00-23:59 UTC
total number of suspected botnet IPs: 1325
number of botnet IPs notified to network operators: 1019
number of blocked spams: 424114
recipient count of blocked spams: 9819166

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

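| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 458 |
| 2 | KORNET-KR | 18 |
| 3 | CHINANET-JS | 17 |
| 4 | 033.530.486/0001-29 | 17 |
| 5 | CHINANET-ZJ-WZ | 16 |
| 6 | UNICOM-SD | 14 |
| 7 | CHINANET-GD | 13 |
| 8 | CHINANET-FJ | 13 |
| 9 | CO-ACSA-LACNIC | 10 |
| 10 | 003.420.926/0002-05 | 10 |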

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

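| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 468 |
| 2 | China | 206 |
| 3 | Brazil | 84 |
| 4 | Russian Federation | 65 |
| 5 | United States | 47 |
| 6 | South Korea | 30 |
| 7 | Poland | 27 |
| 8 | India | 27 |
| 9 | Colombia | 24 |
| 10 | Ukraine | 21 |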

Sunday, December 12, 2010

Botnet Statistics [2010-12-11]

A week ago, on December 4, I still detected more than 5000 bots. This week I detected far fewer bots, with the count sometimes dropping below 1000 per day. But the weekly bot count graph in Shadowserver disagrees with my statistics. Its bot count increased from around 20K to just below 80K, almost quadrupling in the past week. Considering the recent Wikileaks controversy, and the fact that I can only detect spam-sending bots, I guess a large portion of those new bots are used for DDoS attacks.

detection period: 2010-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1303
number of botnet IPs notified to network operators: 989
number of blocked spams: 344381
recipient count of blocked spams: 8365799

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

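| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 429 |
| 2 | KORNET-KR | 19 |
| 3 | 033.530.486/0001-29 | 17 |
| 4 | UNICOM-SD | 16 |
| 5 | CHINANET-ZJ-WZ | 15 |
| 6 | CHINANET-JS | 14 |
| 7 | CHINANET-FJ | 14 |
| 8 | CHINANET-GD | 13 |
| 9 | 002.558.157/0001-62 | 12 |
| 10 | CO-ACSA-LACNIC | 10 |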

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

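| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 440 |
| 2 | China | 204 |
| 3 | Brazil | 87 |
| 4 | Russian Federation | 71 |
| 5 | United States | 41 |
| 6 | India | 41 |
| 7 | South Korea | 35 |
| 8 | Poland | 29 |
| 9 | Colombia | 26 |
| 10 | Ukraine | 25 |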

Saturday, December 11, 2010

Botnet Statistics [2010-12-10]

detection period: 2010-12-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1300
number of botnet IPs notified to network operators: 1014
number of blocked spams: 246624
recipient count of blocked spams: 8033387

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

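| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 484 |
| 2 | CHINANET-ZJ-WZ | 40 |
| 3 | KORNET-KR | 19 |
| 4 | 033.530.486/0001-29 | 16 |
| 5 | 002.558.157/0001-62 | 16 |
| 6 | CHINANET-GD | 15 |
| 7 | UNICOM-SD | 14 |
| 8 | CHINANET-FJ | 12 |
| 9 | CHINANET-JS | 11 |
| 10 | CO-ACSA-LACNIC | 9 |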

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

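| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 497 |
| 2 | China | 207 |
| 3 | Brazil | 80 |
| 4 | Russian Federation | 57 |
| 5 | United States | 42 |
| 6 | India | 38 |
| 7 | South Korea | 31 |
| 8 | Colombia | 26 |
| 9 | Poland | 24 |
| 10 | Ukraine | 23 |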

Friday, December 10, 2010

Botnet Statistics [2010-12-09]

detection period: 2010-12-09 00:00-23:59 UTC
total number of suspected botnet IPs: 1060
number of botnet IPs notified to network operators: 796
number of blocked spams: 303095
recipient count of blocked spams: 10279527

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

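| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 312 |
| 2 | CHINANET-ZJ-WZ | 17 |
| 3 | KORNET-KR | 15 |
| 4 | 033.530.486/0001-29 | 15 |
| 5 | 002.558.157/0001-62 | 15 |
| 6 | UNICOM-SD | 13 |
| 7 | CHINANET-JS | 13 |
| 8 | CHINANET-GD | 13 |
| 9 | CHINANET-FJ | 10 |
| 10 | CO-ACSA-LACNIC | 9 |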

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

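| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 326 |
| 2 | China | 178 |
| 3 | Brazil | 75 |
| 4 | Russian Federation | 50 |
| 5 | United States | 44 |
| 6 | India | 32 |
| 7 | Colombia | 27 |
| 8 | South Korea | 25 |
| 9 | Poland | 24 |
| 10 | Indonesia | 22 |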

Thursday, December 9, 2010

Botnet Statistics [2010-12-08]

detection period: 2010-12-08 00:00-23:59 UTC
total number of suspected botnet IPs: 1038
number of botnet IPs notified to network operators: 796
number of blocked spams: 205843
recipient count of blocked spams: 6861150

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

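| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 394 |
| 2 | CHINANET-ZJ-WZ | 17 |
| 3 | 033.530.486/0001-29 | 14 |
| 4 | UNICOM-SD | 13 |
| 5 | CHINANET-JS | 12 |
| 6 | 003.420.926/0002-05 | 11 |
| 7 | KORNET-KR | 9 |
| 8 | CO-ACSA-LACNIC | 9 |
| 9 | 002.558.157/0001-62 | 9 |
| 10 | TRUENET | 8 |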

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

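| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 405 |
| 2 | China | 149 |
| 3 | Brazil | 67 |
| 4 | Russian Federation | 46 |
| 5 | United States | 35 |
| 6 | India | 35 |
| 7 | Colombia | 23 |
| 8 | Thailand | 20 |
| 9 | South Korea | 19 |
| 10 | Indonesia | 19 |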

Wednesday, December 8, 2010

Botnet Statistics [2010-12-07]

detection period: 2010-12-07 00:00-23:59 UTC
total number of suspected botnet IPs: 837
number of botnet IPs notified to network operators: 565
number of blocked spams: 261754
recipient count of blocked spams: 8807849

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

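| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 136 |
| 2 | CHINANET-ZJ-WZ | 18 |
| 3 | 033.530.486/0001-29 | 16 |
| 4 | CHINANET-JS | 15 |
| 5 | UNICOM-SD | 12 |
| 6 | 003.420.926/0002-05 | 11 |
| 7 | KORNET-KR | 10 |
| 8 | CHINANET-GD | 10 |
| 9 | 002.558.157/0001-62 | 10 |
| 10 | CO-ACSA-LACNIC | 9 |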

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

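| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 155 |
| 2 | Taiwan | 148 |
| 3 | Brazil | 77 |
| 4 | Russian Federation | 52 |
| 5 | United States | 41 |
| 6 | Colombia | 27 |
| 7 | India | 25 |
| 8 | South Korea | 22 |
| 9 | Poland | 20 |
| 10 | Ukraine | 17 |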

Tuesday, December 7, 2010

Botnet Statistics [2010-12-06]

detection period: 2010-12-06 00:00-23:59 UTC
total number of suspected botnet IPs: 1183
number of botnet IPs notified to network operators: 904
number of blocked spams: 321289
recipient count of blocked spams: 11029497

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

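| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 459 |
| 2 | KORNET-KR | 14 |
| 3 | UNICOM-SD | 13 |
| 4 | 033.530.486/0001-29 | 13 |
| 5 | CHINANET-ZJ-WZ | 11 |
| 6 | CHINANET-JS | 11 |
| 7 | 003.420.926/0002-05 | 11 |
| 8 | CHINANET-GD | 10 |
| 9 | 000.065.376/0002-65 | 10 |
| 10 | CO-ACSA-LACNIC | 9 |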

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

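| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 470 |
| 2 | China | 159 |
| 3 | Brazil | 79 |
| 4 | Russian Federation | 63 |
| 5 | United States | 43 |
| 6 | Colombia | 29 |
| 7 | India | 28 |
| 8 | South Korea | 26 |
| 9 | Indonesia | 22 |
| 10 | Poland | 21 |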

Monday, December 6, 2010

Botnet Statistics [2010-12-05]

detection period: 2010-12-05 00:00-23:59 UTC
total number of suspected botnet IPs: 1821
number of botnet IPs notified to network operators: 1456
number of blocked spams: 263606
recipient count of blocked spams: 8879125

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

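| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 514 |
| 2 | CHINANET-GD | 95 |
| 3 | BSNLNET | 40 |
| 4 | AR-TEAR7-LACNIC | 38 |
| 5 | KORNET-KR | 23 |
| 6 | TRUENET | 22 |
| 7 | 000.065.376/0002-65 | 22 |
| 8 | TRUEBB-NET | 18 |
| 9 | RCOM | 18 |
| 10 | UNICOM-SD | 17 |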

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

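| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 529 |
| 2 | China | 311 |
| 3 | Brazil | 144 |
| 4 | Russian Federation | 88 |
| 5 | Argentina | 86 |
| 6 | India | 85 |
| 7 | Thailand | 65 |
| 8 | United States | 47 |
| 9 | South Korea | 44 |
| 10 | Ukraine | 43 |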

Sunday, December 5, 2010

Botnet Statistics [2010-12-04]

detection period: 2010-12-04 00:00-23:59 UTC
total number of suspected botnet IPs: 5208
number of botnet IPs notified to network operators: 4441
number of blocked spams: 286454
recipient count of blocked spams: 9322186

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

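| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 1352 |
| 2 | CHINANET-GD | 751 |
| 3 | HINET-NET | 548 |
| 4 | RCOM | 174 |
| 5 | TATACOMM-IN | 160 |
| 6 | AR-TEAR7-LACNIC | 111 |
| 7 | HATHWAY-NET | 88 |
| 8 | UKRTELNET | 74 |
| 9 | ALLIANCEBROADBAND | 53 |
| 10 | TRUENET | 51 |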

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

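| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 1921 |
| 2 | China | 1073 |
| 3 | Taiwan | 567 |
| 4 | Brazil | 270 |
| 5 | Russian Federation | 234 |
| 6 | Argentina | 171 |
| 7 | Thailand | 151 |
| 8 | Ukraine | 127 |
| 9 | South Korea | 60 |
| 10 | Kazakhstan | 59 |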

Saturday, December 4, 2010

DDoS attacks make Wikileaks a great botnet detection system

News about Wikileaks has been flooding the media recently. Due to its controversy, Wikileaks has been under several DDoS attacks for the past week. The data volume from the biggest attack is said to be higher than 10Gbps.

This specific event looks to me like a perfect chance for botnet detection. All the botnet detection systems employing passive approaches, like the "follow the spam" strategy I currently use, face the same problem, which is "how to attract botnets to contact the system?" Wikileaks does a great job without much effort in this regard (that is, attracting botnets).

Now if Wikileaks already has in place some capable web server and reverse proxy, like lighttpd, nginx or varnish, a few scripts running on their log files will quickly produce a list of suspected zombie computers. Notifying those unsuspecting victims of what happened will help fight botnets tremendously.
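One way such a log script could look, as an added example that is not code from this blog or from Wikileaks: it assumes the proxy writes the Apache-style "combined" access-log format and lists every client whose request count inside a sliding time window reaches a threshold. The window, the threshold, the function names and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache-style "combined" access-log line (assumed server configuration).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) for one log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None


def peak_requests(times, window):
    """Largest number of requests that fall inside any one sliding window."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        # Drop requests that are a full window (or more) older than this one.
        while t - times[lo] >= window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def find_suspects(lines, window_s=10, threshold=20):
    """Return ([(ip, peak), ...], skipped) for clients at or above threshold.

    The result is a list of *suspected* sources only: a busy NAT gateway or
    a shared proxy can exceed the threshold too, so each entry needs review
    before anyone is notified.
    """
    per_ip = defaultdict(list)
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        per_ip[parsed[0]].append(parsed[1])

    window = timedelta(seconds=window_s)
    suspects = []
    for ip, times in per_ip.items():
        peak = peak_requests(times, window)
        if peak >= threshold:
            suspects.append((ip, peak))
    suspects.sort(key=lambda s: (-s[1], s[0]))
    return suspects, skipped


def build_sample():
    """Constructed log lines; addresses come from the RFC 5737 test ranges."""
    base = datetime(2010, 12, 4, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "constructed-agent"'

    def line(ip, offset_s, path):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FORMAT)
        return fmt.format(ip=ip, ts=ts, path=path)

    # Flooding client: 120 requests for "/" at four per second.
    lines = [line("192.0.2.10", i * 0.25, "/") for i in range(120)]
    # Ordinary visitor: six different pages over about four minutes.
    lines += [line("198.51.100.7", i * 50, f"/page{i}.html") for i in range(6)]
    # Slow crawler: many requests in total, but only one every 15 seconds.
    lines += [line("203.0.113.5", i * 15, f"/doc/{i}") for i in range(40)]
    lines.append("truncated or garbled entry")
    return lines


if __name__ == "__main__":
    found, bad = find_suspects(build_sample())
    for ip, peak in found:
        print(f"{ip}\tpeak {peak} requests in 10 s")
    print(f"{bad} malformed line(s) skipped")
```

The slow crawler sends 40 requests in total yet is not listed, because the check looks at the peak rate rather than the total count.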

Botnet Statistics [2010-12-03]

detection period: 2010-12-03 00:00-23:59 UTC
total number of suspected botnet IPs: 5295
number of botnet IPs notified to network operators: 4478
number of blocked spams: 285107
recipient count of blocked spams: 9212247

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

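| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 1206 |
| 2 | CHINANET-GD | 904 |
| 3 | HINET-NET | 489 |
| 4 | RCOM | 163 |
| 5 | TATACOMM-IN | 148 |
| 6 | AR-TEAR7-LACNIC | 104 |
| 7 | HATHWAY-NET | 103 |
| 8 | UKRTELNET | 76 |
| 9 | 002.558.134/0001-58 | 62 |
| 10 | 000.065.376/0002-65 | 57 |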

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

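| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 1777 |
| 2 | China | 1248 |
| 3 | Taiwan | 507 |
| 4 | Brazil | 355 |
| 5 | Russian Federation | 254 |
| 6 | Argentina | 176 |
| 7 | Thailand | 144 |
| 8 | Ukraine | 123 |
| 9 | South Korea | 61 |
| 10 | Kazakhstan | 50 |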

Friday, December 3, 2010

Botnet Statistics [2010-12-02]

detection period: 2010-12-02 00:00-23:59 UTC
total number of suspected botnet IPs: 4158
number of botnet IPs notified to network operators: 3527
number of blocked spams: 178751
recipient count of blocked spams: 4835427

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

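| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 827 |
| 2 | HINET-NET | 549 |
| 3 | CHINANET-GD | 329 |
| 4 | RCOM | 174 |
| 5 | AR-TEAR7-LACNIC | 92 |
| 6 | TATACOMM-IN | 78 |
| 7 | HATHWAY-NET | 74 |
| 8 | UKRTELNET | 65 |
| 9 | 000.065.376/0002-65 | 51 |
| 10 | TRUENET | 47 |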

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

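| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 1295 |
| 2 | China | 639 |
| 3 | Taiwan | 567 |
| 4 | Brazil | 331 |
| 5 | Russian Federation | 253 |
| 6 | Argentina | 153 |
| 7 | Thailand | 144 |
| 8 | Ukraine | 110 |
| 9 | Kazakhstan | 55 |
| 10 | South Korea | 54 |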

Thursday, December 2, 2010

Botnet Statistics [2010-12-01]

detection period: 2010-12-01 00:00-23:59 UTC
total number of suspected botnet IPs: 2764
number of botnet IPs notified to network operators: 1627
number of blocked spams: 296214
recipient count of blocked spams: 9520499

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

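| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 485 |
| 2 | BSNLNET | 417 |
| 3 | RCOM | 86 |
| 4 | AR-TEAR7-LACNIC | 70 |
| 5 | TATACOMM-IN | 53 |
| 6 | 000.065.376/0002-65 | 49 |
| 7 | UKRTELNET | 44 |
| 8 | HATHWAY-NET | 41 |
| 9 | 002.558.134/0001-58 | 36 |
| 10 | CAT-BB-NET | 31 |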

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

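| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 658 |
| 2 | Taiwan | 504 |
| 3 | China | 301 |
| 4 | Brazil | 249 |
| 5 | Russian Federation | 163 |
| 6 | Argentina | 122 |
| 7 | Thailand | 98 |
| 8 | Ukraine | 76 |
| 9 | South Korea | 50 |
| 10 | United States | 47 |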

Wednesday, December 1, 2010

Botnet Statistics for November 2010

detection period: 2010-11-01 00:00 - 2010-11-30 23:59 UTC
total number of suspected botnet IPs: 40754
number of blocked spams: 10491156
recipient count of blocked spams: 347545981

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

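| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 16984 |
| 2 | India | 9719 |
| 3 | China | 3672 |
| 4 | Brazil | 1882 |
| 5 | Thailand | 1784 |
| 6 | Russian Federation | 1528 |
| 7 | Argentina | 1373 |
| 8 | Ukraine | 698 |
| 9 | United States | 272 |
| 10 | Belarus | 249 |
| 11 | Uruguay | 246 |
| 12 | Kazakhstan | 198 |
| 13 | South Korea | 171 |
| 14 | Ethiopia | 165 |
| 15 | Mexico | 145 |
| 16 | Indonesia | 145 |
| 17 | Germany | 134 |
| 18 | Colombia | 114 |
| 19 | Chile | 112 |
| 20 | Algeria | 76 |
| 21 | Hong Kong | 61 |
| 22 | Bulgaria | 61 |
| 23 | Poland | 59 |
| 24 | Italy | 56 |
| 25 | Iran | 54 |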

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

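| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 2121950 |
| 2 | Brazil | 1302625 |
| 3 | Taiwan | 1160342 |
| 4 | United States | 722775 |
| 5 | Russian Federation | 646022 |
| 6 | India | 374273 |
| 7 | Colombia | 328955 |
| 8 | Thailand | 245807 |
| 9 | Germany | 210781 |
| 10 | South Korea | 206726 |
| 11 | Argentina | 177956 |
| 12 | Ukraine | 172465 |
| 13 | France | 169121 |
| 14 | Indonesia | 164513 |
| 15 | Poland | 162099 |
| 16 | Italy | 156307 |
| 17 | Mexico | 116290 |
| 18 | Philippines | 96926 |
| 19 | Turkey | 82025 |
| 20 | Saudi Arabia | 81639 |
| 21 | Iran | 80066 |
| 22 | Viet Nam | 79188 |
| 23 | United Kingdom | 76462 |
| 24 | Czech Republic | 76423 |
| 25 | Venezuela | 73585 |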

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2010-11-30]

detection period: 2010-11-30 00:00-23:59 UTC
total number of suspected botnet IPs: 2303
number of botnet IPs notified to network operators: 1890
number of blocked spams: 330365
recipient count of blocked spams: 11370535

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

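| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 427 |
| 2 | BSNLNET | 307 |
| 3 | RCOM | 63 |
| 4 | AR-TEAR7-LACNIC | 57 |
| 5 | TATACOMM-IN | 39 |
| 6 | 000.065.376/0002-65 | 35 |
| 7 | 002.558.134/0001-58 | 28 |
| 8 | KORNET-KR | 27 |
| 9 | HATHWAY-NET | 25 |
| 10 | CAT-BB-NET | 24 |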

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

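| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 495 |
| 2 | Taiwan | 442 |
| 3 | China | 270 |
| 4 | Brazil | 211 |
| 5 | Russian Federation | 126 |
| 6 | Argentina | 98 |
| 7 | Thailand | 77 |
| 8 | United States | 67 |
| 9 | Ukraine | 51 |
| 10 | South Korea | 48 |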

Tuesday, November 30, 2010

Botnet Statistics [2010-11-29]

I wrote about failure notices I got when sending notifications to CNCERT two weeks ago.  But then the problem disappeared before I had done anything about it.  I guess I was just lucky. 

I also send notifications about zombie computers in India to the CERT of India.  Unfortunately they began to reject my notifications two days ago.  I might not be so lucky this time...

detection period: 2010-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 2393
number of botnet IPs notified to network operators: 1949
number of blocked spams: 338506
recipient count of blocked spams: 11568541

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

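| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 462 |
| 2 | BSNLNET | 320 |
| 3 | RCOM | 59 |
| 4 | AR-TEAR7-LACNIC | 52 |
| 5 | 000.065.376/0002-65 | 36 |
| 6 | TATACOMM-IN | 35 |
| 7 | 002.558.134/0001-58 | 35 |
| 8 | TRUENET | 30 |
| 9 | KORNET-KR | 28 |
| 10 | CAT-BB-NET | 28 |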

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

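| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 492 |
| 2 | Taiwan | 477 |
| 3 | China | 268 |
| 4 | Brazil | 224 |
| 5 | Russian Federation | 152 |
| 6 | Thailand | 106 |
| 7 | Argentina | 102 |
| 8 | Ukraine | 60 |
| 9 | United States | 54 |
| 10 | South Korea | 48 |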

Monday, November 29, 2010

Botnet Statistics [2010-11-28]

I decommissioned one of my VPSes yesterday, as its billing period will be up today. So I have only two detection systems in operation for the time being. I also got hold of some domains suitable for greylisting last week. A lot of work needs to be done before I can detect botnet computers with greylisting, but I have high hopes for its detection capability.

detection period: 2010-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 2428
number of botnet IPs notified to network operators: 2013
number of blocked spams: 132822
recipient count of blocked spams: 4440382

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

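| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 529 |
| 2 | BSNLNET | 363 |
| 3 | AR-TEAR7-LACNIC | 76 |
| 4 | UKRTELNET | 52 |
| 5 | RCOM | 41 |
| 6 | 002.558.134/0001-58 | 40 |
| 7 | TRUENET | 36 |
| 8 | KORNET-KR | 35 |
| 9 | 000.065.376/0002-65 | 32 |
| 10 | TATACOMM-IN | 30 |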

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

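| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 544 |
| 2 | India | 507 |
| 3 | China | 233 |
| 4 | Russian Federation | 181 |
| 5 | Brazil | 177 |
| 6 | Argentina | 135 |
| 7 | Thailand | 117 |
| 8 | Ukraine | 79 |
| 9 | South Korea | 53 |
| 10 | United States | 32 |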

Sunday, November 28, 2010

Botnet Statistics [2010-11-27]

detection period: 2010-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1137
number of botnet IPs notified to network operators: 915
number of blocked spams: 408109
recipient count of blocked spams: 14027401

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

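| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 497 |
| 2 | CHINANET-GD | 39 |
| 3 | KORNET-KR | 15 |
| 4 | CHINANET-ZJ-WZ | 13 |
| 5 | 000.065.376/0002-65 | 12 |
| 6 | UNICOM-SD | 10 |
| 7 | CHINANET-FJ | 10 |
| 8 | 033.530.486/0001-29 | 10 |
| 9 | CHINANET-ZJ | 9 |
| 10 | CHINANET-JS | 9 |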

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

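| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 510 |
| 2 | China | 160 |
| 3 | Brazil | 72 |
| 4 | Russian Federation | 45 |
| 5 | United States | 41 |
| 6 | South Korea | 29 |
| 7 | India | 21 |
| 8 | Colombia | 20 |
| 9 | Germany | 17 |
| 10 | Indonesia | 16 |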

Saturday, November 27, 2010

Botnet Statistics [2010-11-26]

detection period: 2010-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1169
number of botnet IPs notified to network operators: 933
number of blocked spams: 493765
recipient count of blocked spams: 16903168

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

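| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 497 |
| 2 | CHINANET-GD | 39 |
| 3 | 000.065.376/0002-65 | 15 |
| 4 | KORNET-KR | 13 |
| 5 | CHINANET-ZJ-WZ | 13 |
| 6 | UNICOM-TJ | 11 |
| 7 | UNICOM-SD | 10 |
| 8 | CHINANET-JS | 10 |
| 9 | 003.420.926/0002-05 | 9 |
| 10 | TFN-NET | 8 |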

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

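| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 511 |
| 2 | China | 166 |
| 3 | Brazil | 79 |
| 4 | United States | 53 |
| 5 | Russian Federation | 49 |
| 6 | South Korea | 29 |
| 7 | Colombia | 21 |
| 8 | India | 18 |
| 9 | Germany | 18 |
| 10 | Indonesia | 15 |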

Friday, November 26, 2010

Botnet Statistics [2010-11-25]

detection period: 2010-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1346
number of botnet IPs notified to network operators: 1089
number of blocked spams: 406644
recipient count of blocked spams: 13887642

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

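| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 507 |
| 2 | CHINANET-GD | 95 |
| 3 | CHINANET-ZJ-WZ | 19 |
| 4 | KORNET-KR | 14 |
| 5 | 000.065.376/0002-65 | 14 |
| 6 | 002.558.157/0001-62 | 11 |
| 7 | UNICOM-TJ | 10 |
| 8 | CHINANET-JS | 10 |
| 9 | 033.530.486/0001-29 | 10 |
| 10 | 003.420.926/0002-05 | 10 |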

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

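| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 520 |
| 2 | China | 267 |
| 3 | Brazil | 87 |
| 4 | United States | 56 |
| 5 | Russian Federation | 53 |
| 6 | South Korea | 26 |
| 7 | India | 25 |
| 8 | Colombia | 24 |
| 9 | Poland | 21 |
| 10 | Indonesia | 20 |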

Thursday, November 25, 2010

Botnet Statistics [2010-11-24]

detection period: 2010-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 1289
number of botnet IPs notified to network operators: 1046
number of blocked spams: 368519
recipient count of blocked spams: 12409409

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

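| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 519 |
| 2 | CHINANET-GD | 115 |
| 3 | KORNET-KR | 16 |
| 4 | CHINANET-ZJ-WZ | 15 |
| 5 | 000.065.376/0002-65 | 13 |
| 6 | CHINANET-JS | 12 |
| 7 | 002.558.157/0001-62 | 11 |
| 8 | UNICOM-SD | 9 |
| 9 | CHINANET-ZJ | 9 |
| 10 | 076.535.764/0326-90 | 9 |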

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

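| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 533 |
| 2 | China | 251 |
| 3 | Brazil | 81 |
| 4 | Russian Federation | 51 |
| 5 | United States | 46 |
| 6 | South Korea | 30 |
| 7 | Thailand | 21 |
| 8 | India | 19 |
| 9 | Colombia | 19 |
| 10 | Ukraine | 15 |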

Wednesday, November 24, 2010

Botnet Statistics [2010-11-23]

detection period: 2010-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1367
number of botnet IPs notified to network operators: 1093
number of blocked spams: 344224
recipient count of blocked spams: 11551330

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

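| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 486 |
| 2 | 000.065.376/0002-65 | 26 |
| 3 | AR-TEAR7-LACNIC | 17 |
| 4 | TRUENET | 16 |
| 5 | CHINANET-ZJ-WZ | 15 |
| 6 | 033.530.486/0001-29 | 14 |
| 7 | 002.558.157/0001-62 | 14 |
| 8 | 002.558.134/0001-58 | 14 |
| 9 | KORNET-KR | 13 |
| 10 | CHINANET-GD | 12 |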

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

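| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 502 |
| 2 | China | 183 |
| 3 | Brazil | 130 |
| 4 | Russian Federation | 77 |
| 5 | Thailand | 47 |
| 6 | United States | 46 |
| 7 | Argentina | 40 |
| 8 | India | 35 |
| 9 | South Korea | 29 |
| 10 | Colombia | 26 |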

Tuesday, November 23, 2010

Botnet Statistics [2010-11-22]

detection period: 2010-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 2535
number of botnet IPs notified to network operators: 2101
number of blocked spams: 373173
recipient count of blocked spams: 12470735

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

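| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 525 |
| 2 | BSNLNET | 342 |
| 3 | RCOM | 58 |
| 4 | AR-TEAR7-LACNIC | 54 |
| 5 | TRUENET | 44 |
| 6 | CAT-BB-NET | 42 |
| 7 | 002.558.134/0001-58 | 40 |
| 8 | 000.065.376/0002-65 | 37 |
| 9 | TATACOMM-IN | 36 |
| 10 | UNICOM-SD | 31 |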

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

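| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 541 |
| 2 | India | 506 |
| 3 | China | 301 |
| 4 | Brazil | 230 |
| 5 | Russian Federation | 161 |
| 6 | Thailand | 141 |
| 7 | Argentina | 102 |
| 8 | Ukraine | 63 |
| 9 | United States | 45 |
| 10 | Colombia | 33 |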

Monday, November 22, 2010

Botnet Statistics [2010-11-21]

detection period: 2010-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 2347
number of botnet IPs notified to network operators: 1910
number of blocked spams: 384464
recipient count of blocked spams: 12692141

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

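| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 524 |
| 2 | BSNLNET | 121 |
| 3 | CHINANET-GD | 120 |
| 4 | AR-TEAR7-LACNIC | 55 |
| 5 | CAT-BB-NET | 42 |
| 6 | TRUEBB-NET | 39 |
| 7 | LASVEGASNETWORK | 38 |
| 8 | 002.558.134/0001-58 | 36 |
| 9 | UKRTELNET | 35 |
| 10 | 000.065.376/0002-65 | 31 |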

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

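| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 543 |
| 2 | China | 408 |
| 3 | India | 196 |
| 4 | Brazil | 179 |
| 5 | Russian Federation | 160 |
| 6 | Thailand | 139 |
| 7 | Argentina | 101 |
| 8 | United States | 97 |
| 9 | Ukraine | 75 |
| 10 | South Korea | 34 |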

Sunday, November 21, 2010

Botnet Statistics [2010-11-20]

detection period: 2010-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 3182
number of botnet IPs notified to network operators: 2697
number of blocked spams: 448414
recipient count of blocked spams: 14658745

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

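| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 509 |
| 2 | CHINANET-GD | 499 |
| 3 | BSNLNET | 352 |
| 4 | AR-TEAR7-LACNIC | 64 |
| 5 | RCOM | 60 |
| 6 | CAT-BB-NET | 48 |
| 7 | TATACOMM-IN | 45 |
| 8 | UKRTELNET | 41 |
| 9 | LASVEGASNETWORK | 39 |
| 10 | 002.558.134/0001-58 | 30 |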

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

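| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 813 |
| 2 | India | 536 |
| 3 | Taiwan | 529 |
| 4 | Brazil | 216 |
| 5 | Russian Federation | 165 |
| 6 | Thailand | 132 |
| 7 | United States | 105 |
| 8 | Argentina | 104 |
| 9 | Ukraine | 90 |
| 10 | Indonesia | 35 |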

Saturday, November 20, 2010

Botnet Statistics [2010-11-19]

detection period: 2010-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 2542
number of botnet IPs notified to network operators: 2158
number of blocked spams: 191363
recipient count of blocked spams: 5560774

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

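| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 539 |
| 2 | CHINANET-GD | 278 |
| 3 | BSNLNET | 232 |
| 4 | AR-TEAR7-LACNIC | 62 |
| 5 | RCOM | 55 |
| 6 | TATACOMM-IN | 42 |
| 7 | 002.558.134/0001-58 | 41 |
| 8 | UKRTELNET | 39 |
| 9 | CAT-BB-NET | 39 |
| 10 | 000.065.376/0002-65 | 34 |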

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

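| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 555 |
| 2 | China | 500 |
| 3 | India | 398 |
| 4 | Brazil | 231 |
| 5 | Russian Federation | 145 |
| 6 | Thailand | 123 |
| 7 | Argentina | 104 |
| 8 | Ukraine | 79 |
| 9 | United States | 34 |
| 10 | Colombia | 33 |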

Friday, November 19, 2010

Botnet Statistics [2010-11-18]

detection period: 2010-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 2826
number of botnet IPs notified to network operators: 2408
number of blocked spams: 231663
recipient count of blocked spams: 7558923

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

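| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 532 |
| 2 | HINET-NET | 512 |
| 3 | AR-TEAR7-LACNIC | 75 |
| 4 | RCOM | 70 |
| 5 | TATACOMM-IN | 61 |
| 6 | HATHWAY-NET | 46 |
| 7 | 002.558.134/0001-58 | 46 |
| 8 | 000.065.376/0002-65 | 37 |
| 9 | TRUEBB-NET | 34 |
| 10 | CAT-BB-NET | 33 |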

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

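| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 766 |
| 2 | Taiwan | 528 |
| 3 | China | 317 |
| 4 | Brazil | 261 |
| 5 | Russian Federation | 156 |
| 6 | Argentina | 125 |
| 7 | Thailand | 117 |
| 8 | Ukraine | 64 |
| 9 | United States | 43 |
| 10 | Colombia | 38 |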