Daily Botnet Statistics: July 2010

Saturday, July 31, 2010

Botnet Statistics [2010-07-30]

detection period: 2010-07-30 00:00-23:59 UTC
total number of suspected botnet IPs: 849
number of botnet IPs notified to network operators: 841
number of blocked spams: 93588
recipient count of blocked spams: 965054

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	428
2	CHINANET-GD	269
3	TFN-NET	105
4	CHINANET-ZJ-WZ	15
5	KORNET-KR	2
6	CHINANET-HB	2
7	XDSLSTREAMYX	1
8	VE-TCCA-LACNIC	1
9	UA-PODOL	1
10	TeLi	1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	533
2	China	291
3	Brazil	3
4	Russian Federation	2
5	Malaysia	2
6	South Korea	2
7	Italy	2
8	Germany	2
9	Venezuela	1
10	Ukraine	1

Friday, July 30, 2010

Botnet Statistics [2010-07-29]

detection period: 2010-07-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1251
number of botnet IPs notified to network operators: 1246
number of blocked spams: 114003
recipient count of blocked spams: 1576775

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	924
2	CHINANET-GD	202
3	TFN-NET	93
4	CHINANET-ZJ-WZ	16
5	UK-POUNDHOST-20090629	1
6	SCHLUND-CUSTOMERS	1
7	RELSOFT-209	1
8	PIRADIUS-NET	1
9	IR-DIBATELECOM-20080715	1
10	EE-ESTPAK	1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1017
2	China	222
3	Russian Federation	1
4	Malaysia	1
5	Republic Of Moldova	1
6	Iran	1
7	United Kingdom	1
8	Estonia	1
9	Dominican Republic	1
10	Germany	1

Thursday, July 29, 2010

Botnet Statistics [2010-07-28]

detection period: 2010-07-28 00:00-23:59 UTC
total number of suspected botnet IPs: 989
number of botnet IPs notified to network operators: 984
number of blocked spams: 69376
recipient count of blocked spams: 767218

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	597
2	CHINANET-GD	260
3	TFN-NET	102
4	CHINANET-ZJ-WZ	14
5	UK-POUNDHOST-20090629	1
6	SCHLUND-CUSTOMERS	1
7	RELSOFT-209	1
8	PIRADIUS-NET	1
9	IR-DIBATELECOM-20080715	1
10	EE-ESTPAK	1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	699
2	China	278
3	Russian Federation	1
4	Malaysia	1
5	Republic Of Moldova	1
6	Iran	1
7	United Kingdom	1
8	Estonia	1
9	Dominican Republic	1
10	Germany	1

Wednesday, July 28, 2010

Botnet Statistics [2010-07-27]

detection period: 2010-07-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1160
number of botnet IPs notified to network operators: 1027
number of blocked spams: 103831
recipient count of blocked spams: 1122896

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	341
2	TFN-NET	189
3	RITELE	164
4	CHINANET-ZJ-WZ	27
5	AR-TEAR7-LACNIC	18
6	000.065.376/0002-65	15
7	TRUEBB-NET	10
8	CAT-BB-NET	10
9	UESTC-CN	9
10	RCOM	9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	630
2	Taiwan	201
3	Brazil	66
4	Argentina	44
5	Thailand	35
6	Russian Federation	27
7	India	25
8	Colombia	17
9	Indonesia	12
10	United States	10

Tuesday, July 27, 2010

Botnet Statistics [2010-07-26]

detection period: 2010-07-26 00:00-23:59 UTC
total number of suspected botnet IPs: 2443
number of botnet IPs notified to network operators: 2222
number of blocked spams: 92824
recipient count of blocked spams: 1213678

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	668
2	CHINANET-GD	527
3	RITELE	255
4	TFN-NET	193
5	BSNLNET	59
6	AR-TEAR7-LACNIC	50
7	000.065.376/0002-65	27
8	RCOM	24
9	002.558.134/0001-58	21
10	CHINANET-ZJ-WZ	17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	924
2	Taiwan	865
3	Brazil	142
4	India	111
5	Argentina	96
6	Russian Federation	54
7	Thailand	51
8	Colombia	21
9	United States	17
10	Ukraine	17

Monday, July 26, 2010

Botnet Statistics [2010-07-25]

detection period: 2010-07-25 00:00-23:59 UTC
total number of suspected botnet IPs: 2936
number of botnet IPs notified to network operators: 2737
number of blocked spams: 111224
recipient count of blocked spams: 2010951

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1303
2	CHINANET-GD	375
3	RITELE	258
4	TFN-NET	130
5	BSNLNET	101
6	AR-TEAR7-LACNIC	45
7	RCOM	28
8	000.065.376/0002-65	23
9	002.558.134/0001-58	18
10	CHINANET-ZJ-WZ	17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1439
2	China	824
3	India	161
4	Brazil	115
5	Argentina	80
6	Thailand	47
7	Russian Federation	38
8	United States	28
9	Indonesia	19
10	Colombia	19

Sunday, July 25, 2010

Botnet Statistics [2010-07-24]

detection period: 2010-07-24 00:00-23:59 UTC
total number of suspected botnet IPs: 3813
number of botnet IPs notified to network operators: 3451
number of blocked spams: 115901
recipient count of blocked spams: 2665804

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	756
2	HINET-NET	597
3	TFN-NET	379
4	CHINANET-GD	353
5	RITELE	278
6	AR-TEAR7-LACNIC	112
7	RCOM	89
8	TATACOMM-IN	78
9	HATHWAY-NET	58
10	ALLIANCEBROADBAND	38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1071
2	Taiwan	985
3	China	878
4	Brazil	218
5	Argentina	176
6	Thailand	74
7	Russian Federation	73
8	Indonesia	30
9	South Korea	25
10	Uruguay	24

Saturday, July 24, 2010

Botnet Statistics [2010-07-23]

detection period: 2010-07-23 00:00-23:59 UTC
total number of suspected botnet IPs: 4801
number of botnet IPs notified to network operators: 4359
number of blocked spams: 123405
recipient count of blocked spams: 3356624

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1324
2	BSNLNET	813
3	CHINANET-GD	653
4	RITELE	210
5	TFN-NET	149
6	RCOM	108
7	AR-TEAR7-LACNIC	89
8	TATACOMM-IN	71
9	HATHWAY-NET	63
10	002.558.134/0001-58	54

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1482
2	India	1151
3	China	1139
4	Brazil	280
5	Argentina	163
6	Russian Federation	105
7	Thailand	84
8	Indonesia	31
9	United States	29
10	Ethiopia	29

Friday, July 23, 2010

Botnet Statistics [2010-07-22]

detection period: 2010-07-22 00:00-23:59 UTC
total number of suspected botnet IPs: 3943
number of botnet IPs notified to network operators: 3497
number of blocked spams: 108604
recipient count of blocked spams: 2803827

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	839
2	HINET-NET	432
3	CHINANET-GD	415
4	TFN-NET	368
5	RITELE	264
6	AR-TEAR7-LACNIC	103
7	RCOM	95
8	TATACOMM-IN	91
9	HATHWAY-NET	56
10	002.558.134/0001-58	48

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1184
2	China	959
3	Taiwan	810
4	Brazil	273
5	Argentina	170
6	Russian Federation	94
7	Thailand	79
8	Indonesia	33
9	Ukraine	31
10	Ethiopia	27

Thursday, July 22, 2010

Botnet Statistics [2010-07-21]

detection period: 2010-07-21 00:00-23:59 UTC
total number of suspected botnet IPs: 3642
number of botnet IPs notified to network operators: 3186
number of blocked spams: 89683
recipient count of blocked spams: 2348217

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	971
2	CHINANET-GD	656
3	TFN-NET	154
4	RCOM	116
5	RITELE	104
6	AR-TEAR7-LACNIC	104
7	TATACOMM-IN	93
8	HATHWAY-NET	73
9	002.558.134/0001-58	52
10	000.065.376/0002-65	47

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1368
2	China	1037
3	Brazil	295
4	Taiwan	179
5	Argentina	165
6	Russian Federation	119
7	Thailand	78
8	South Korea	27
9	Mexico	26
10	Ethiopia	26

Wednesday, July 21, 2010

Botnet Statistics [2010-07-20]

detection period: 2010-07-20 00:00-23:59 UTC
total number of suspected botnet IPs: 3370
number of botnet IPs notified to network operators: 2931
number of blocked spams: 108473
recipient count of blocked spams: 2603178

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	883
2	CHINANET-GD	473
3	RITELE	183
4	AR-TEAR7-LACNIC	122
5	RCOM	85
6	TATACOMM-IN	80
7	HATHWAY-NET	66
8	002.558.134/0001-58	59
9	000.065.376/0002-65	45
10	002.558.157/0001-62	40

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1228
2	China	996
3	Brazil	313
4	Argentina	190
5	Russian Federation	117
6	Thailand	73
7	Taiwan	49
8	Ukraine	36
9	Mexico	32
10	Ethiopia	31

Tuesday, July 20, 2010

Botnet Statistics [2010-07-19]

detection period: 2010-07-19 00:00-23:59 UTC
total number of suspected botnet IPs: 3508
number of botnet IPs notified to network operators: 3040
number of blocked spams: 141462
recipient count of blocked spams: 3144806

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	924
2	CHINANET-GD	450
3	RITELE	247
4	AR-TEAR7-LACNIC	129
5	RCOM	93
6	TATACOMM-IN	88
7	HATHWAY-NET	74
8	000.065.376/0002-65	45
9	002.558.134/0001-58	44
10	HINET-NET	43

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1295
2	China	1034
3	Brazil	287
4	Argentina	210
5	Russian Federation	110
6	Thailand	72
7	Taiwan	59
8	Ukraine	35
9	Indonesia	32
10	Colombia	30

Monday, July 19, 2010

Botnet Statistics [2010-07-18]

detection period: 2010-07-18 00:00-23:59 UTC
total number of suspected botnet IPs: 2418
number of botnet IPs notified to network operators: 2037
number of blocked spams: 166249
recipient count of blocked spams: 3040477

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	545
2	BSNLNET	308
3	RITELE	126
4	AR-TEAR7-LACNIC	90
5	002.558.134/0001-58	43
6	CAT-BB-NET	40
7	RCOM	37
8	000.065.376/0002-65	36
9	TATACOMM-IN	29
10	UY-ANTA-LACNIC	26

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	971
2	India	449
3	Brazil	196
4	Argentina	147
5	Russian Federation	90
6	Thailand	83
7	Taiwan	43
8	United States	42
9	Ukraine	36
10	Uruguay	26

Sunday, July 18, 2010

Botnet Statistics [2010-07-17]

detection period: 2010-07-17 00:00-23:59 UTC
total number of suspected botnet IPs: 2679
number of botnet IPs notified to network operators: 2337
number of blocked spams: 102966
recipient count of blocked spams: 1452375

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	532
2	CHINANET-GD	514
3	RITELE	302
4	AR-TEAR7-LACNIC	86
5	TATACOMM-IN	54
6	RCOM	53
7	HATHWAY-NET	41
8	002.558.134/0001-58	37
9	CAT-BB-NET	36
10	000.065.376/0002-65	35

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	1067
2	India	754
3	Brazil	209
4	Argentina	135
5	Thailand	83
6	Russian Federation	74
7	United States	44
8	Taiwan	35
9	Indonesia	27
10	Colombia	23

Saturday, July 17, 2010

Botnet Statistics [2010-07-16]

Taiwan, once the regular champion in my botnet chart, finally dropped out of the top 10 yesterday. China, possibly having the largest internet population in the world, also shows signs of improvement. While China has not left my botnet chart yet, it has managed to stay out of ICSA Labs' Top 10 countries sending spam, Sophos' Dirty dozen spam-relaying countries, and M86 Security Labs' Top 12 Spam Sources by Country for the past few months. China also falls from the all time champion, to around 20th of the last 30 and 7 days, on the spam server country chart of Project Honey Pot.

detection period: 2010-07-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2937
number of botnet IPs notified to network operators: 2480
number of blocked spams: 100248
recipient count of blocked spams: 2456001

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	688
2	CHINANET-GD	405
3	RITELE	204
4	AR-TEAR7-LACNIC	94
5	TATACOMM-IN	82
6	RCOM	76
7	HATHWAY-NET	47
8	002.558.134/0001-58	43
9	000.065.376/0002-65	42
10	CAT-BB-NET	40

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	990
2	China	903
3	Brazil	245
4	Argentina	153
5	Russian Federation	114
6	Thailand	91
7	United States	36
8	Ukraine	32
9	Indonesia	31
10	Colombia	30

Friday, July 16, 2010

Botnet Statistics [2010-07-15]

detection period: 2010-07-15 00:00-23:59 UTC
total number of suspected botnet IPs: 2935
number of botnet IPs notified to network operators: 2544
number of blocked spams: 84834
recipient count of blocked spams: 2112643

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	465
2	HINET-NET	370
3	CHINANET-GD	354
4	RITELE	265
5	AR-TEAR7-LACNIC	94
6	TATACOMM-IN	50
7	000.065.376/0002-65	39
8	HATHWAY-NET	38
9	CAT-BB-NET	38
10	RCOM	37

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	899
2	India	664
3	Taiwan	383
4	Brazil	233
5	Argentina	155
6	Russian Federation	116
7	Thailand	81
8	United States	51
9	Ukraine	37
10	Colombia	27

Thursday, July 15, 2010

Botnet Statistics [2010-07-14]

detection period: 2010-07-14 00:00-23:59 UTC
total number of suspected botnet IPs: 3915
number of botnet IPs notified to network operators: 3464
number of blocked spams: 159905
recipient count of blocked spams: 2898480

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	773
2	HINET-NET	645
3	CHINANET-GD	458
4	RITELE	223
5	AR-TEAR7-LACNIC	122
6	TATACOMM-IN	102
7	RCOM	84
8	HATHWAY-NET	55
9	002.558.134/0001-58	45
10	000.065.376/0002-65	44

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1127
2	China	1006
3	Taiwan	664
4	Brazil	284
5	Argentina	187
6	Russian Federation	108
7	Thailand	80
8	United States	62
9	Ukraine	34
10	Indonesia	34

Wednesday, July 14, 2010

Botnet Statistics [2010-07-13]

detection period: 2010-07-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1495
number of botnet IPs notified to network operators: 1279
number of blocked spams: 115478
recipient count of blocked spams: 1871165

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	424
2	RITELE	288
3	AR-TEAR7-LACNIC	57
4	002.558.157/0001-62	29
5	002.558.134/0001-58	27
6	000.065.376/0002-65	22
7	076.535.764/0326-90	21
8	AR-PRSA-LACNIC	15
9	BSNLNET	14
10	002.449.992/0001-64	14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	830
2	Brazil	177
3	Argentina	98
4	Russian Federation	44
5	India	44
6	Thailand	39
7	United States	32
8	Colombia	29
9	Indonesia	20
10	Taiwan	17

Tuesday, July 13, 2010

Botnet Statistics [2010-07-12]

detection period: 2010-07-12 00:00-23:59 UTC
total number of suspected botnet IPs: 2206
number of botnet IPs notified to network operators: 1919
number of blocked spams: 84820
recipient count of blocked spams: 1395368

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	452
2	CHINANET-GD	281
3	RITELE	280
4	AR-TEAR7-LACNIC	70
5	RCOM	60
6	TATACOMM-IN	57
7	002.558.134/0001-58	36
8	UNICOM-SD	33
9	000.065.376/0002-65	33
10	HATHWAY-NET	32

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	808
2	India	666
3	Brazil	200
4	Argentina	112
5	Russian Federation	81
6	Thailand	61
7	Ukraine	26
8	Colombia	26
9	Taiwan	24
10	Indonesia	24

Monday, July 12, 2010

Botnet Statistics [2010-07-11]

detection period: 2010-07-11 00:00-23:59 UTC
total number of suspected botnet IPs: 3020
number of botnet IPs notified to network operators: 2756
number of blocked spams: 199522
recipient count of blocked spams: 3817163

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	855
2	CHINANET-GD	723
3	BSNLNET	199
4	RITELE	179
5	AR-TEAR7-LACNIC	92
6	UNICOM-SD	38
7	000.065.376/0002-65	35
8	002.558.134/0001-58	34
9	RCOM	30
10	CAT-BB-NET	27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	1155
2	Taiwan	861
3	India	279
4	Brazil	168
5	Argentina	154
6	Russian Federation	80
7	Thailand	74
8	Ukraine	27
9	Indonesia	24
10	Colombia	22

Sunday, July 11, 2010

Botnet Statistics [2010-07-10]

detection period: 2010-07-10 00:00-23:59 UTC
total number of suspected botnet IPs: 3411
number of botnet IPs notified to network operators: 3044
number of blocked spams: 225713
recipient count of blocked spams: 5230667

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	876
2	CHINANET-GD	586
3	RITELE	219
4	AR-TEAR7-LACNIC	125
5	RCOM	97
6	TATACOMM-IN	95
7	HATHWAY-NET	70
8	HINET-NET	61
9	002.558.134/0001-58	60
10	000.065.376/0002-65	49

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1248
2	China	1109
3	Brazil	280
4	Argentina	198
5	Russian Federation	102
6	Taiwan	72
7	Thailand	67
8	Ukraine	29
9	Indonesia	28
10	Colombia	28

Saturday, July 10, 2010

Botnet Statistics [2010-07-09]

detection period: 2010-07-09 00:00-23:59 UTC
total number of suspected botnet IPs: 5105
number of botnet IPs notified to network operators: 4650
number of blocked spams: 235868
recipient count of blocked spams: 5732387

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	1264
2	HINET-NET	845
3	CHINANET-GD	804
4	RITELE	199
5	TATACOMM-IN	129
6	RCOM	129
7	AR-TEAR7-LACNIC	105
8	HATHWAY-NET	91
9	002.558.134/0001-58	74
10	ALLIANCEBROADBAND	60

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1749
2	China	1347
3	Taiwan	857
4	Brazil	354
5	Argentina	182
6	Russian Federation	124
7	Thailand	90
8	Ethiopia	51
9	Indonesia	35
10	Ukraine	34

Friday, July 9, 2010

Botnet Statistics [2010-07-08]

detection period: 2010-07-08 00:00-23:59 UTC
total number of suspected botnet IPs: 4863
number of botnet IPs notified to network operators: 4379
number of blocked spams: 152286
recipient count of blocked spams: 4078687

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	1097
2	HINET-NET	1091
3	CHINANET-GD	539
4	RITELE	171
5	AR-TEAR7-LACNIC	131
6	TATACOMM-IN	129
7	RCOM	123
8	HATHWAY-NET	79
9	002.558.134/0001-58	62
10	ALLIANCEBROADBAND	57

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1559
2	Taiwan	1100
3	China	1040
4	Brazil	327
5	Argentina	199
6	Russian Federation	142
7	Thailand	103
8	Ukraine	43
9	Ethiopia	42
10	Indonesia	34

Thursday, July 8, 2010

Botnet Statistics [2010-07-07]

detection period: 2010-07-07 00:00-23:59 UTC
total number of suspected botnet IPs: 4241
number of botnet IPs notified to network operators: 3705
number of blocked spams: 211921
recipient count of blocked spams: 5156727

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	1224
2	CHINANET-GD	786
3	RITELE	141
4	RCOM	129
5	AR-TEAR7-LACNIC	129
6	TATACOMM-IN	123
7	ALLIANCEBROADBAND	81
8	HATHWAY-NET	79
9	002.558.134/0001-58	73
10	002.449.992/0001-64	55

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1711
2	China	1245
3	Brazil	369
4	Argentina	194
5	Russian Federation	142
6	Thailand	83
7	Ethiopia	52
8	Taiwan	41
9	Ukraine	36
10	Colombia	36

Wednesday, July 7, 2010

Botnet Statistics [2010-07-06]

detection period: 2010-07-06 00:00-23:59 UTC
total number of suspected botnet IPs: 4482
number of botnet IPs notified to network operators: 3987
number of blocked spams: 162529
recipient count of blocked spams: 4313365

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	1127
2	HINET-NET	713
3	CHINANET-GD	491
4	RCOM	137
5	AR-TEAR7-LACNIC	130
6	RITELE	129
7	TATACOMM-IN	91
8	HATHWAY-NET	75
9	002.558.134/0001-58	74
10	ALLIANCEBROADBAND	69

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1589
2	China	944
3	Taiwan	723
4	Brazil	368
5	Argentina	212
6	Russian Federation	151
7	Thailand	61
8	Ethiopia	37
9	South Korea	36
10	Colombia	36

Tuesday, July 6, 2010

Botnet Statistics [2010-07-05]

detection period: 2010-07-05 00:00-23:59 UTC
total number of suspected botnet IPs: 4064
number of botnet IPs notified to network operators: 3517
number of blocked spams: 129129
recipient count of blocked spams: 3771392

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	1148
2	CHINANET-GD	578
3	RITELE	185
4	AR-TEAR7-LACNIC	155
5	RCOM	99
6	002.558.134/0001-58	85
7	TATACOMM-IN	81
8	ETHIONET	65
9	002.449.992/0001-64	61
10	000.065.376/0002-65	60

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	1462
2	China	1133
3	Brazil	410
4	Argentina	252
5	Russian Federation	183
6	Thailand	90
7	Ethiopia	65
8	Taiwan	51
9	Ukraine	44
10	South Korea	36

Monday, July 5, 2010

Botnet Statistics [2010-07-04]

detection period: 2010-07-04 00:00-23:59 UTC
total number of suspected botnet IPs: 2118
number of botnet IPs notified to network operators: 1848
number of blocked spams: 103940
recipient count of blocked spams: 2869921

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	480
2	RITELE	246
3	BSNLNET	244
4	AR-TEAR7-LACNIC	107
5	RCOM	41
6	002.558.134/0001-58	41
7	000.065.376/0002-65	36
8	TRUENET	26
9	UNICOM-SD	25
10	TATACOMM-IN	24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	981
2	India	370
3	Brazil	176
4	Argentina	160
5	Russian Federation	81
6	Thailand	67
7	Taiwan	30
8	Ukraine	24
9	Indonesia	19
10	Mexico	18

Sunday, July 4, 2010

Botnet Statistics [2010-07-03]

detection period: 2010-07-03 00:00-23:59 UTC
total number of suspected botnet IPs: 2651
number of botnet IPs notified to network operators: 2359
number of blocked spams: 77676
recipient count of blocked spams: 2255889

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	623
2	CHINANET-GD	526
3	HINET-NET	108
4	AR-TEAR7-LACNIC	108
5	RITELE	88
6	RCOM	81
7	TATACOMM-IN	61
8	HATHWAY-NET	56
9	UNICOM-SD	39
10	002.558.134/0001-58	35

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	903
2	China	887
3	Brazil	193
4	Argentina	164
5	Taiwan	118
6	Thailand	72
7	Russian Federation	69
8	Indonesia	23
9	Colombia	22
10	Ukraine	21

Saturday, July 3, 2010

Botnet Statistics for June 2010

We saw a substantial increase in number of detected bots in June (from 54K in May to 74K in June). Part of the reason might be that I added another detection system around the end of May. There are currently 3 systems running, though one of them is going to be taken offline before the coming August.

But I guess that another event, the public disclosure of a zero-day vulnerability in Microsoft XP by a Google researcher, also contributed to the increased bot counts. He posted his finding - the details of the vulnerability and proof-of-concept code - to a mailing list on June 10, 5 days after he had informed Microsoft of the vulnerability. Take a look at bot counts graphs in 5-day entroby at Shadowserver Foundation. You can see that around one third into June (about June 10), bot counts changed from a rapid declining trend to an increasing one. Though I detected more bots in June, they did not fall back to the previous level, as Microsoft haven't released an official patch for that vulnerability yet.

detection period: 2010-06-01 00:00 - 2010-06-30 23:59 UTC
total number of suspected botnet IPs: 74883
number of blocked spams: 4221977
recipient count of blocked spams: 100120734

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	25243
2	Taiwan	16854
3	China	15323
4	Brazil	5029
5	Argentina	3187
6	Russian Federation	2059
7	Thailand	1032
8	Ukraine	617
9	Mexico	523
10	Ethiopia	522
11	United States	433
12	Uruguay	349
13	Chile	253
14	Germany	241
15	Indonesia	222
16	South Korea	188
17	Japan	184
18	Colombia	175
19	Belarus	152
20	Algeria	136
21	Iran	129
22	Kazakhstan	128
23	France	128
24	Hong Kong	122
25	Egypt	106

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank	Country	# of blocked spams
1	China	1155932
2	Taiwan	792198
3	Brazil	459900
4	India	341508
5	Malaysia	235830
6	Russian Federation	154396
7	United States	133067
8	Thailand	112624
9	Indonesia	99006
10	Argentina	95129
11	Colombia	78206
12	Ukraine	39531
13	Chile	36692
14	South Korea	31964
15	Czech Republic	30782
16	Poland	28600
17	France	27340
18	Viet Nam	21405
19	Pakistan	19818
20	Saudi Arabia	18992
21	United Kingdom	16810
22	Germany	16643
23	Philippines	16404
24	Czechoslovakia	16397
25	Italy	16167

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2010-07-02]

detection period: 2010-07-02 00:00-23:59 UTC
total number of suspected botnet IPs: 5132
number of botnet IPs notified to network operators: 4727
number of blocked spams: 130775
recipient count of blocked spams: 3800596

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1344
2	CHINANET-GD	968
3	BSNLNET	914
4	RITELE	243
5	AR-TEAR7-LACNIC	117
6	RCOM	105
7	TATACOMM-IN	99
8	002.558.134/0001-58	56
9	HATHWAY-NET	53
10	000.065.376/0002-65	46

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	1527
2	Taiwan	1356
3	India	1284
4	Brazil	270
5	Argentina	187
6	Russian Federation	113
7	Thailand	85
8	Ukraine	38
9	Ethiopia	29
10	Indonesia	28

Friday, July 2, 2010

Botnet Statistics [2010-07-01]

detection period: 2010-07-01 00:00-23:59 UTC
total number of suspected botnet IPs: 4495
number of botnet IPs notified to network operators: 4162
number of blocked spams: 77617
recipient count of blocked spams: 2142647

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1321
2	BSNLNET	755
3	CHINANET-GD	640
4	RITELE	266
5	AR-TEAR7-LACNIC	103
6	RCOM	98
7	TATACOMM-IN	66
8	HATHWAY-NET	53
9	002.558.134/0001-58	52
10	ALLIANCEBROADBAND	36

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1327
2	China	1161
3	India	1069
4	Brazil	293
5	Argentina	156
6	Russian Federation	96
7	Thailand	80
8	Ukraine	35
9	Indonesia	34
10	Colombia	28

Thursday, July 1, 2010

Botnet Statistics [2010-06-30]

detection period: 2010-06-30 00:00-23:59 UTC
total number of suspected botnet IPs: 4494
number of botnet IPs notified to network operators: 4112
number of blocked spams: 62435
recipient count of blocked spams: 1377494

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1296
2	CHINANET-GD	713
3	BSNLNET	712
4	RITELE	261
5	RCOM	99
6	AR-TEAR7-LACNIC	79
7	TATACOMM-IN	65
8	HATHWAY-NET	51
9	ALLIANCEBROADBAND	48
10	000.065.376/0002-65	42

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1306
2	China	1262
3	India	1047
4	Brazil	249
5	Argentina	145
6	Russian Federation	110
7	Thailand	66
8	Indonesia	33
9	South Korea	26
10	Colombia	24