Custom Search

Tuesday, December 29, 2009

Botnet Statistics [2009-12-28]

My notification mail are sent from an email account of a well-known service company. My notifications have been mistaken for spam mail by them several times, as I have to include spam headers in the mail, as requested by various network operators. I have also hit my daily mail sending quota occasionally. Today it happened again. I decided to make a few modification to my mail notice. Only the first 15 relay attempts from each IP will be included. And network operators with less than 2 detected bots will not get notified.

detection period: 2009-12-28 00:00-23:59 UTC
total number of suspected botnet IPs: 4219
number of botnet IPs notified to network operators: 3716

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1232
2BSNLNET428
3CHINANET-GD369
4TFN-NET189
5002.558.157/0001-62131
6AR-TEAR7-LACNIC94
7RCOM82
8TATACOMM-IN76
9002.558.134/0001-5870
10UNICOM-SD59

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1438
2China986
3India687
4Brazil421
5Argentina161
6Russian Federation98
7United States64
8Ukraine29
9South Korea24
10Indonesia21

No comments:

Post a Comment