Daily Botnet Statistics: December 2009

Thursday, December 31, 2009

Botnet Statistics [2009-12-30]

detection period: 2009-12-30 00:00-23:59 UTC
total number of suspected botnet IPs: 4363
number of botnet IPs notified to network operators: 3884

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1272
2	BSNLNET	544
3	CHINANET-GD	468
4	TFN-NET	151
5	002.558.157/0001-62	112
6	AR-TEAR7-LACNIC	108
7	TATACOMM-IN	85
8	RCOM	80
9	002.558.134/0001-58	80
10	002.449.992/0001-64	65

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1438
2	China	867
3	India	814
4	Brazil	401
5	Argentina	177
6	Russian Federation	116
7	United States	93
8	Ukraine	33
9	South Korea	32
10	Ethiopia	26

Wednesday, December 30, 2009

Botnet Statistics [2009-12-29]

detection period: 2009-12-29 00:00-23:59 UTC
total number of suspected botnet IPs: 4489
number of botnet IPs notified to network operators: 4056

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1341
2	BSNLNET	572
3	TFN-NET	404
4	CHINANET-GD	338
5	002.558.157/0001-62	125
6	AR-TEAR7-LACNIC	106
7	RCOM	77
8	002.558.134/0001-58	75
9	TATACOMM-IN	67
10	002.449.992/0001-64	54

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1761
2	India	829
3	China	710
4	Brazil	410
5	Argentina	179
6	Russian Federation	99
7	United States	87
8	South Korea	36
9	Ukraine	29
10	United Kingdom	26

Tuesday, December 29, 2009

Botnet Statistics [2009-12-28]

My notification mail are sent from an email account of a well-known service company. My notifications have been mistaken for spam mail by them several times, as I have to include spam headers in the mail, as requested by various network operators. I have also hit my daily mail sending quota occasionally. Today it happened again. I decided to make a few modification to my mail notice. Only the first 15 relay attempts from each IP will be included. And network operators with less than 2 detected bots will not get notified.

detection period: 2009-12-28 00:00-23:59 UTC
total number of suspected botnet IPs: 4219
number of botnet IPs notified to network operators: 3716

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1232
2	BSNLNET	428
3	CHINANET-GD	369
4	TFN-NET	189
5	002.558.157/0001-62	131
6	AR-TEAR7-LACNIC	94
7	RCOM	82
8	TATACOMM-IN	76
9	002.558.134/0001-58	70
10	UNICOM-SD	59

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1438
2	China	986
3	India	687
4	Brazil	421
5	Argentina	161
6	Russian Federation	98
7	United States	64
8	Ukraine	29
9	South Korea	24
10	Indonesia	21

Monday, December 28, 2009

Botnet Statistics [2009-12-27]

detection period: 2009-12-27 00:00-23:59 UTC
total number of suspected botnet IPs: 2876
number of botnet IPs notified to network operators: 2716

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1241
2	CHINANET-GD	365
3	TFN-NET	142
4	BSNLNET	102
5	AR-TEAR7-LACNIC	61
6	002.558.157/0001-62	55
7	UNICOM-SD	43
8	002.558.134/0001-58	41
9	CHINANET-ZJ-WZ	30
10	000.065.376/0002-65	20

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1392
2	China	654
3	Brazil	194
4	India	154
5	Argentina	114
6	Russian Federation	61
7	United States	57
8	Poland	18
9	Colombia	17
10	Ukraine	16

Sunday, December 27, 2009

Botnet Statistics [2009-12-26]

detection period: 2009-12-26 00:00-23:59 UTC
total number of suspected botnet IPs: 2864
number of botnet IPs notified to network operators: 2682

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1241
2	BSNLNET	273
3	CHINANET-GD	115
4	TFN-NET	108
5	002.558.157/0001-62	61
6	TATACOMM-IN	57
7	AR-TEAR7-LACNIC	53
8	RCOM	47
9	UNICOM-SD	39
10	002.558.134/0001-58	33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1362
2	China	458
3	India	424
4	Brazil	194
5	Argentina	108
6	Russian Federation	55
7	United States	28
8	Ukraine	28
9	South Korea	17
10	Thailand	15

Saturday, December 26, 2009

Botnet Statistics [2009-12-25]

detection period: 2009-12-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1905
number of botnet IPs notified to network operators: 1716

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	239
2	CHINANET-GD	219
3	HINET-NET	195
4	TFN-NET	112
5	AR-TEAR7-LACNIC	67
6	UNICOM-SD	53
7	002.558.157/0001-62	45
8	RCOM	44
9	TATACOMM-IN	38
10	002.558.134/0001-58	29

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	584
2	India	364
3	Taiwan	320
4	Brazil	156
5	Argentina	106
6	Russian Federation	76
7	United States	42
8	Ukraine	34
9	Ethiopia	18
10	South Korea	17

Friday, December 25, 2009

Botnet Statistics [2009-12-24]

detection period: 2009-12-24 00:00-23:59 UTC
total number of suspected botnet IPs: 3337
number of botnet IPs notified to network operators: 3104

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1223
2	BSNLNET	386
3	CHINANET-GD	279
4	002.558.157/0001-62	81
5	AR-TEAR7-LACNIC	77
6	TFN-NET	68
7	RCOM	59
8	002.558.134/0001-58	47
9	TATACOMM-IN	44
10	UNICOM-SD	41

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1339
2	China	587
3	India	577
4	Brazil	263
5	Argentina	123
6	Russian Federation	99
7	United States	41
8	Ukraine	34
9	Ethiopia	31
10	South Korea	23

Thursday, December 24, 2009

Botnet Statistics [2009-12-23]

detection period: 2009-12-23 00:00-23:59 UTC
total number of suspected botnet IPs: 2477
number of botnet IPs notified to network operators: 2240

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	347
2	BSNLNET	337
3	APOL-NET	158
4	CHINANET-GD	151
5	002.558.157/0001-62	93
6	AR-TEAR7-LACNIC	90
7	TFN-NET	79
8	002.558.134/0001-58	60
9	RCOM	56
10	TATACOMM-IN	54

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	595
2	India	521
3	China	492
4	Brazil	318
5	Argentina	144
6	Russian Federation	87
7	Ukraine	32
8	Colombia	22
9	South Korea	21
10	Ethiopia	19

Wednesday, December 23, 2009

Botnet Statistics [2009-12-22]

detection period: 2009-12-22 00:00-23:59 UTC
total number of suspected botnet IPs: 3796
number of botnet IPs notified to network operators: 3546

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	987
2	BSNLNET	460
3	TFN-NET	423
4	APOL-NET	333
5	CHINANET-GD	119
6	002.558.157/0001-62	113
7	AR-TEAR7-LACNIC	89
8	RCOM	63
9	002.558.134/0001-58	54
10	TATACOMM-IN	49

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1750
2	India	658
3	China	442
4	Brazil	357
5	Argentina	146
6	Russian Federation	100
7	Ukraine	27
8	South Korea	24
9	Colombia	24
10	Ethiopia	23

Tuesday, December 22, 2009

Botnet Statistics [2009-12-21]

detection period: 2009-12-21 00:00-23:59 UTC
total number of suspected botnet IPs: 3660
number of botnet IPs notified to network operators: 3384

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1074
2	BSNLNET	391
3	APOL-NET	227
4	TFN-NET	208
5	CHINANET-GD	188
6	002.558.157/0001-62	132
7	AR-TEAR7-LACNIC	94
8	TATACOMM-IN	53
9	002.558.134/0001-58	52
10	RCOM	49

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1517
2	India	576
3	China	522
4	Brazil	389
5	Argentina	153
6	Russian Federation	113
7	Ukraine	31
8	United States	23
9	Thailand	23
10	Colombia	23

Monday, December 21, 2009

Botnet Statistics [2009-12-20]

detection period: 2009-12-20 00:00-23:59 UTC
total number of suspected botnet IPs: 2856
number of botnet IPs notified to network operators: 2664

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1124
2	APOL-NET	189
3	CHINANET-GD	155
4	BSNLNET	149
5	TFN-NET	97
6	AR-TEAR7-LACNIC	82
7	002.558.157/0001-62	69
8	UNICOM-SD	38
9	RCOM	28
10	002.558.134/0001-58	27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1417
2	China	453
3	India	227
4	Brazil	222
5	Argentina	136
6	Russian Federation	80
7	United States	26
8	South Korea	25
9	Poland	24
10	Ukraine	23

Sunday, December 20, 2009

Botnet Statistics [2009-12-19]

After I utilize the data collected on the new detection system, the number of detected bots rose suddenly, and then took a sharp downfall. Now network operators seems to respond very fast upon my notifications. It is very good that my system seems to work, but I was wondering, is its own effectiveness going to drive itself into extinction, just like the (now gone) ORDB (Open Relay DataBase)?

detection period: 2009-12-19 00:00-23:59 UTC
total number of suspected botnet IPs: 2974
number of botnet IPs notified to network operators: 2768

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1172
2	BSNLNET	341
3	AR-TEAR7-LACNIC	99
4	CHINANET-GD	94
5	002.558.157/0001-62	73
6	RCOM	70
7	TATACOMM-IN	54
8	TFN-NET	48
9	UNICOM-SD	43
10	APOL-NET	42

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1267
2	India	527
3	China	388
4	Brazil	259
5	Argentina	154
6	Russian Federation	62
7	South Korea	28
8	United States	26
9	Colombia	24
10	Ukraine	22

Saturday, December 19, 2009

Botnet Statistics [2009-12-18]

After 8 hours of mental exercise, I have finished writing the needed scripts to combine data from both the old and new detection systems. Hope there is not too many bugs in my scripts. From now on, data presented here will be the combined result. With those scripts in hand, building more detection systems will not take too much effort.

detection period: 2009-12-18 00:00-23:59 UTC
total number of suspected botnet IPs: 3560
number of botnet IPs notified to network operators: 3326

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1078
2	BSNLNET	404
3	TFN-NET	253
4	APOL-NET	248
5	CHINANET-GD	140
6	002.558.157/0001-62	118
7	AR-TEAR7-LACNIC	94
8	RCOM	58
9	TATACOMM-IN	51
10	002.558.134/0001-58	42

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1589
2	India	587
3	China	468
4	Brazil	351
5	Argentina	152
6	Russian Federation	77
7	Colombia	27
8	Thailand	22
9	Ethiopia	22
10	Ukraine	21

Friday, December 18, 2009

Botnet Statistics [2009-12-17]

I should write some scripts to automatically combine numbers from both detection systems. Manual calculation is error-prone. Taiwan's numbers are taken from the new detection system, while other countries' numbers are taken from the old one.

detection period: 2009-12-17 00:00-23:59 UTC
total number of suspected botnet IPs: 3477
number of botnet IPs notified to network operators: 3266

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1024
2	APOL-NET	593
3	TFN-NET	307
4	BSNLNET	218
5	CHINANET-GD	140
6	002.558.157/0001-62	91
7	AR-TEAR7-LACNIC	57
8	RCOM	42
9	UNICOM-SD	38
10	002.558.134/0001-58	32

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1927
2	China	430
3	India	344
4	Brazil	268
5	Argentina	102
6	Russian Federation	78
7	Colombia	25
8	Ukraine	23
9	United States	18
10	Thailand	18

Thursday, December 17, 2009

Botnet Statistics [2009-12-16]

Bots from countries other than Taiwan started to show up in the new detection system, though the overwhelming majority (more than 99%) were still from Taiwan. Today's statistics is calculated in the same way as yesterday. I take most of the numbers from the old detection system. Only Taiwan's numbers (as there are many networks in Taiwan) of bots are taken from the new system.

detection period: 2009-12-16 00:00-23:59 UTC
total number of suspected botnet IPs: 4867
number of botnet IPs notified to network operators: 4629

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	2163
2	CHINANET-GD	352
3	APOL-NET	338
4	BSNLNET	299
5	TFN-NET	295
6	002.558.157/0001-62	90
7	AR-TEAR7-LACNIC	65
8	RCOM	49
9	TATACOMM-IN	47
10	UNICOM-SD	46

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	2796
2	China	669
3	India	453
4	Brazil	290
5	Argentina	121
6	Russian Federation	110
7	United States	79
8	Ukraine	30
9	South Korea	27
10	Colombia	22

Wednesday, December 16, 2009

Botnet Statistics [2009-12-15]

I set up another botnet detection system about 10 days ago. Although it employees the same detection technique as the old one, the results are vastly different. Almost all botnet computers it detected were located in Taiwan, but I can't explain it. Today I tried to combine the botnet statistics from both systems.

detection period: 2009-12-15 00:00-23:59 UTC
total number of suspected botnet IPs: 5408
number of botnet IPs notified to network operators: 5178

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	2585
2	CHINANET-GD	544
3	APOL-NET	461
4	BSNLNET	233
5	TFN-NET	183
6	002.558.157/0001-62	99
7	AR-TEAR7-LACNIC	85
8	TATACOMM-IN	41
9	UNICOM-SD	38
10	RCOM	38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	3229
2	China	837
3	India	367
4	Brazil	288
5	Argentina	140
6	United States	97
7	Russian Federation	78
8	Colombia	29
9	South Korea	26
10	Ukraine	25

Tuesday, December 15, 2009

Botnet Statistics [2009-12-14]

detection period: 2009-12-14 00:00-23:59 UTC
total number of suspected botnet IPs: 2143
number of botnet IPs notified to network operators: 1908

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	507
2	BSNLNET	287
3	002.558.157/0001-62	97
4	AR-TEAR7-LACNIC	66
5	RCOM	45
6	TATACOMM-IN	34
7	UNICOM-SD	32
8	CHINANET-ZJ-WZ	29
9	002.558.134/0001-58	29
10	HATHWAY-NET	28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	789
2	India	433
3	Brazil	259
4	Argentina	118
5	United States	91
6	Russian Federation	77
7	Taiwan	27
8	South Korea	27
9	Ukraine	22
10	United Kingdom	21

Monday, December 14, 2009

Botnet Statistics [2009-12-13]

Today I learned something new. I have always thought the country code for the United Kingdom was "UK." Not so. As a new country code "GB" landed at number 10, now I know it stands for the United Kingdom. Great Britain, perhaps?

detection period: 2009-12-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1749
number of botnet IPs notified to network operators: 1566

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	608
2	BSNLNET	75
3	AR-TEAR7-LACNIC	56
4	002.558.157/0001-62	38
5	AR-CASA10-LACNIC	28
6	CHINANET-ZJ-WZ	25
7	CHINANET-JS	25
8	UNICOM-SD	24
9	HINET-NET	24
10	002.558.134/0001-58	21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	882
2	Brazil	149
3	India	122
4	Argentina	115
5	United States	79
6	Russian Federation	66
7	Taiwan	41
8	South Korea	31
9	Ukraine	22
10	United Kingdom	20

Sunday, December 13, 2009

Botnet Statistics [2009-12-12]

The top 6 countries on my botnet chart were always (in alphabetic order): Argentina, Brazil, China, India, Russian Federation, and Taiwan. Not any more! The new comer is United States, landed at number 6. Russian Federation is at the 7th spot now.

detection period: 2009-12-12 00:00-23:59 UTC
total number of suspected botnet IPs: 2059
number of botnet IPs notified to network operators: 1852

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	357
2	HINET-NET	293
3	BSNLNET	197
4	AR-TEAR7-LACNIC	64
5	RCOM	54
6	002.558.157/0001-62	52
7	000.065.376/0002-65	29
8	UNICOM-SD	28
9	002.558.134/0001-58	28
10	TATACOMM-IN	24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	639
2	India	320
3	Taiwan	306
4	Brazil	201
5	Argentina	111
6	United States	100
7	Russian Federation	66
8	South Korea	33
9	Colombia	22
10	Thailand	18

Saturday, December 12, 2009

Botnet Statistics [2009-12-11]

detection period: 2009-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 4070
number of botnet IPs notified to network operators: 3874

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	2219
2	CHINANET-GD	418
3	BSNLNET	148
4	002.558.157/0001-62	87
5	AR-TEAR7-LACNIC	53
6	CHINANET-JS	40
7	UNICOM-SD	33
8	CHINANET-ZJ-WZ	33
9	RCOM	32
10	TATACOMM-IN	28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	2232
2	China	838
3	India	248
4	Brazil	243
5	Argentina	100
6	Russian Federation	68
7	United States	49
8	Thailand	18
9	South Korea	18
10	Colombia	18

Friday, December 11, 2009

Botnet Statistics [2009-12-10]

detection period: 2009-12-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1071
number of botnet IPs notified to network operators: 925

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	182
2	BSNLNET	81
3	002.558.157/0001-62	41
4	HINET-NET	39
5	RCOM	26
6	AR-TEAR7-LACNIC	24
7	CHINANET-JS	23
8	UNICOM-SD	19
9	TATACOMM-IN	19
10	000.065.376/0002-65	19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	399
2	Brazil	154
3	India	153
4	Taiwan	54
5	Argentina	47
6	Russian Federation	40
7	South Korea	19
8	Ukraine	16
9	United States	15
10	Colombia	12

Thursday, December 10, 2009

Botnet Statistics [2009-12-09]

detection period: 2009-12-09 00:00-23:59 UTC
total number of suspected botnet IPs: 2179
number of botnet IPs notified to network operators: 1945

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	465
2	BSNLNET	238
3	002.558.157/0001-62	98
4	AR-TEAR7-LACNIC	64
5	HINET-NET	51
6	RCOM	47
7	TATACOMM-IN	45
8	CHINANET-JS	43
9	UNICOM-SD	37
10	002.558.134/0001-58	36

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	891
2	India	398
3	Brazil	293
4	Argentina	115
5	Taiwan	72
6	Russian Federation	66
7	Colombia	28
8	Thailand	23
9	Ukraine	22
10	United States	20

Wednesday, December 9, 2009

Botnet Statistics [2009-12-08]

detection period: 2009-12-08 00:00-23:59 UTC
total number of suspected botnet IPs: 4071
number of botnet IPs notified to network operators: 3841

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	2108
2	BSNLNET	266
3	CHINANET-GD	262
4	002.558.157/0001-62	92
5	AR-TEAR7-LACNIC	83
6	RCOM	51
7	TATACOMM-IN	40
8	UNICOM-SD	38
9	CHINANET-ZJ-WZ	36
10	002.558.134/0001-58	36

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	2126
2	China	663
3	India	412
4	Brazil	298
5	Argentina	147
6	Russian Federation	70
7	Thailand	33
8	Ukraine	31
9	United States	25
10	Uruguay	18

Tuesday, December 8, 2009

Botnet Statistics [2009-12-07]

detection period: 2009-12-07 00:00-23:59 UTC
total number of suspected botnet IPs: 4236
number of botnet IPs notified to network operators: 4017

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	2710
2	BSNLNET	214
3	002.558.157/0001-62	84
4	AR-TEAR7-LACNIC	71
5	CHINANET-GD	68
6	TATACOMM-IN	40
7	RCOM	38
8	002.558.134/0001-58	34
9	UNICOM-SD	28
10	HATHWAY-NET	24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	2724
2	China	366
3	India	350
4	Brazil	263
5	Argentina	123
6	Russian Federation	76
7	Thailand	27
8	Ukraine	23
9	Colombia	22
10	United States	19

Monday, December 7, 2009

Botnet Statistics [2009-12-06]

detection period: 2009-12-06 00:00-23:59 UTC
total number of suspected botnet IPs: 1893
number of botnet IPs notified to network operators: 1720

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	812
2	BSNLNET	79
3	AR-TEAR7-LACNIC	64
4	002.558.157/0001-62	55
5	CHINANET-GD	43
6	002.558.134/0001-58	31
7	UNICOM-SD	30
8	AR-CASA10-LACNIC	26
9	000.065.376/0002-65	20
10	UNICOM-HA	18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	824
2	China	295
3	Brazil	181
4	India	134
5	Argentina	114
6	Russian Federation	69
7	Thailand	25
8	South Korea	24
9	Ukraine	18
10	United States	17

Sunday, December 6, 2009

Botnet Statistics [2009-12-05]

detection period: 2009-12-05 00:00-23:59 UTC
total number of suspected botnet IPs: 2919
number of botnet IPs notified to network operators: 2751

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1664
2	BSNLNET	190
3	CHINANET-GD	59
4	002.558.157/0001-62	49
5	AR-TEAR7-LACNIC	48
6	RCOM	38
7	UNICOM-SD	37
8	TATACOMM-IN	37
9	002.558.134/0001-58	27
10	UNICOM-HA	25

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	1683
2	China	409
3	India	317
4	Brazil	157
5	Argentina	89
6	Russian Federation	58
7	Colombia	16
8	United States	15
9	Ukraine	15
10	Thailand	14

Saturday, December 5, 2009

Botnet Statistics [2009-12-04]

detection period: 2009-12-04 00:00-23:59 UTC
total number of suspected botnet IPs: 1530
number of botnet IPs notified to network operators: 1331

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	BSNLNET	222
2	CHINANET-GD	88
3	002.558.157/0001-62	65
4	AR-TEAR7-LACNIC	57
5	RCOM	46
6	TATACOMM-IN	44
7	UNICOM-SD	41
8	CHINANET-JS	31
9	002.558.134/0001-58	28
10	UNICOM-HA	24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	498
2	India	366
3	Brazil	202
4	Argentina	100
5	Russian Federation	62
6	Taiwan	44
7	Thailand	21
8	Ukraine	19
9	Colombia	18
10	South Korea	15

Friday, December 4, 2009

Botnet Statistics [2009-12-03]

detection period: 2009-12-03 00:00-23:59 UTC
total number of suspected botnet IPs: 2316
number of botnet IPs notified to network operators: 2072

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	412
2	BSNLNET	245
3	002.558.157/0001-62	104
4	HINET-NET	64
5	UNICOM-SD	63
6	AR-TEAR7-LACNIC	63
7	TATACOMM-IN	41
8	RCOM	38
9	CHINANET-JS	38
10	AR-CASA10-LACNIC	32

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	984
2	India	379
3	Brazil	314
4	Argentina	128
5	Taiwan	81
6	Russian Federation	72
7	Thailand	28
8	Colombia	25
9	United States	23
10	Ukraine	22

Thursday, December 3, 2009

Botnet Statistics [2009-12-02]

detection period: 2009-12-02 00:00-23:59 UTC
total number of suspected botnet IPs: 1996
number of botnet IPs notified to network operators: 1737

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-GD	295
2	BSNLNET	280
3	002.558.157/0001-62	111
4	AR-TEAR7-LACNIC	92
5	RCOM	51
6	TATACOMM-IN	45
7	002.558.134/0001-58	45
8	UNICOM-SD	33
9	002.449.992/0001-64	32
10	HINET-NET	28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	619
2	India	428
3	Brazil	315
4	Argentina	161
5	Russian Federation	89
6	Taiwan	40
7	Ukraine	36
8	Colombia	24
9	Thailand	23
10	United States	22

Wednesday, December 2, 2009

Botnet Statistics [2009-12-01]

HiNet in Taiwan got a surprising surge in botnet computers. My detection system logged more than 2000 botnet IPs from HiNet. Is this an outbreak of a new attack vector?

detection period: 2009-12-01 00:00-23:59 UTC
total number of suspected botnet IPs: 3723
number of botnet IPs notified to network operators: 3499

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	2112
2	CHINANET-GD	252
3	BSNLNET	101
4	002.558.157/0001-62	94
5	AR-TEAR7-LACNIC	78
6	002.558.134/0001-58	39
7	UNICOM-SD	31
8	002.449.992/0001-64	31
9	AR-CASA10-LACNIC	27
10	AR-PRSA-LACNIC	25

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	Taiwan	2127
2	China	558
3	Brazil	295
4	India	182
5	Argentina	143
6	Russian Federation	77
7	United States	44
8	Colombia	26
9	Ukraine	25
10	Thailand	21

Tuesday, December 1, 2009

Botnet Statistics [2009-11-30]

detection period: 2009-11-30 00:00-23:59 UTC
total number of suspected botnet IPs: 2524
number of botnet IPs notified to network operators: 2291

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	627
2	CHINANET-GD	264
3	BSNLNET	215
4	AR-TEAR7-LACNIC	103
5	002.558.157/0001-62	96
6	002.558.134/0001-58	56
7	UNICOM-SD	40
8	TATACOMM-IN	31
9	RCOM	28
10	CHINANET-ZJ-WZ	28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	661
2	Taiwan	641
3	India	324
4	Brazil	288
5	Argentina	165
6	Russian Federation	69
7	Thailand	36
8	Ukraine	35
9	United States	26
10	Colombia	26