Custom Search

Sunday, February 28, 2010

Botnet Statistics [2010-02-27]

detection period: 2010-02-27 00:00-23:59 UTC
total number of suspected botnet IPs: 3448
number of botnet IPs notified to network operators: 3042
number of blocked spams: 138775
recipient count of blocked spams: 4573252

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET831
2HINET-NET342
3RITELE201
4AR-TEAR7-LACNIC182
5002.558.157/0001-62177
6002.558.134/0001-5889
7RCOM87
8HATHWAY-NET76
9TATACOMM-IN75
10002.449.992/0001-6447

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1161
2China553
3Brazil484
4Taiwan355
5Argentina251
6Russian Federation141
7Thailand65
8Mexico45
9Ukraine36
10Uruguay34

Saturday, February 27, 2010

Botnet Statistics [2010-02-26]

detection period: 2010-02-26 00:00-23:59 UTC
total number of suspected botnet IPs: 4298
number of botnet IPs notified to network operators: 3818
number of blocked spams: 187492
recipient count of blocked spams: 5166771

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET1099
2HINET-NET632
3002.558.157/0001-62202
4AR-TEAR7-LACNIC199
5RITELE150
6RCOM109
7002.558.134/0001-58100
8TATACOMM-IN98
9HATHWAY-NET85
10002.449.992/0001-6476

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1498
2Taiwan643
3Brazil610
4China533
5Argentina289
6Russian Federation174
7Thailand62
8Mexico43
9Uruguay36
10Colombia36

Friday, February 26, 2010

Botnet Statistics [2010-02-25]

detection period: 2010-02-25 00:00-23:59 UTC
total number of suspected botnet IPs: 3506
number of botnet IPs notified to network operators: 3102
number of blocked spams: 136227
recipient count of blocked spams: 3732042

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET749
2HINET-NET581
3002.558.157/0001-62170
4RITELE142
5AR-TEAR7-LACNIC139
6RCOM85
7002.558.134/0001-5882
8TATACOMM-IN66
9HATHWAY-NET54
10002.449.992/0001-6453

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1025
2Taiwan593
3Brazil503
4China495
5Argentina214
6Russian Federation131
7Thailand64
8Uruguay42
9Mexico37
10Colombia33

Thursday, February 25, 2010

Botnet Statistics [2010-02-24]

detection period: 2010-02-24 00:00-23:59 UTC
total number of suspected botnet IPs: 4200
number of botnet IPs notified to network operators: 3768
number of blocked spams: 156972
recipient count of blocked spams: 4613896

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET1113
2HINET-NET740
3002.558.157/0001-62173
4AR-TEAR7-LACNIC158
5002.558.134/0001-58106
6RCOM101
7TATACOMM-IN100
8RITELE89
9002.449.992/0001-6485
10HATHWAY-NET83

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1495
2Taiwan750
3Brazil572
4China450
5Argentina240
6Russian Federation143
7Thailand54
8Uruguay40
9Colombia40
10South Korea38

Wednesday, February 24, 2010

Botnet Statistics [2010-02-23]

detection period: 2010-02-23 00:00-23:59 UTC
total number of suspected botnet IPs: 3965
number of botnet IPs notified to network operators: 3549
number of blocked spams: 141639
recipient count of blocked spams: 4422904

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET853
2HINET-NET820
3002.558.157/0001-62183
4AR-TEAR7-LACNIC170
5CHINATELECOM-BJ115
6002.558.134/0001-5899
7RCOM92
8TATACOMM-IN89
9002.449.992/0001-6474
10HATHWAY-NET72

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1198
2Taiwan832
3Brazil569
4China460
5Argentina250
6Russian Federation107
7Thailand47
8Mexico38
9Uruguay36
10Ethiopia34

Tuesday, February 23, 2010

Botnet Statistics [2010-02-22]

detection period: 2010-02-22 00:00-23:59 UTC
total number of suspected botnet IPs: 4571
number of botnet IPs notified to network operators: 4161
number of blocked spams: 127936
recipient count of blocked spams: 3993286

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1269
2BSNLNET848
3AR-TEAR7-LACNIC189
4CHINANET-GD185
5002.558.157/0001-62171
6CHINATELECOM-BJ117
7002.558.134/0001-58104
8TATACOMM-IN86
9RCOM78
10HATHWAY-NET70

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1283
2India1180
3China653
4Brazil534
5Argentina265
6Russian Federation104
7Thailand58
8Uruguay47
9Mexico40
10Colombia34

Monday, February 22, 2010

Botnet Statistics [2010-02-21]

detection period: 2010-02-21 00:00-23:59 UTC
total number of suspected botnet IPs: 3372
number of botnet IPs notified to network operators: 3042
number of blocked spams: 115587
recipient count of blocked spams: 3622472

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1011
2BSNLNET377
3AR-TEAR7-LACNIC173
4002.558.157/0001-62120
5CHINATELECOM-BJ109
6002.558.134/0001-5877
7UNICOM-SD55
8UY-ANTA-LACNIC54
9CHINANET-GD44
10MX-GICS-LACNIC37

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1028
2China616
3India495
4Brazil388
5Argentina252
6Russian Federation116
7Uruguay54
8Thailand51
9Meico46
10Colombia31

Sunday, February 21, 2010

Botnet Statistics [2010-02-20]

detection period: 2010-02-20 00:00-23:59 UTC
total number of suspected botnet IPs: 3201
number of botnet IPs notified to network operators: 2920
number of blocked spams: 108320
recipient count of blocked spams: 3359644

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1299
2BSNLNET444
3002.558.157/0001-62110
4AR-TEAR7-LACNIC100
5CHINATELECOM-BJ88
6RCOM65
7TATACOMM-IN50
8002.558.134/0001-5850
9002.449.992/0001-6444
10HATHWAY-NET39
(I found the table above was incorrect while browsing my own blog on Feb 27. As HiNet is an ISP in Taiwan, there is no way that Hinet had 1299 bots while only 894 bots were found in Taiwan. It seems to be the same table from Feb 19. I must have forgotten to update this table. The recalculated, correct one is shown below.)

RankNetwork# of suspected botnet IPs
1HINET-NET883
2BSNLNET617
3CHINATELECOM-BJ147
4AR-TEAR7-LACNIC137
5002.558.157/0001-62100
6RCOM72
7002.558.134/0001-5859
8HATHWAY-NET55
9TATACOMM-IN53
10UNICOM-SD37

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan894
2India870
3China464
4Brazil334
5Argentina210
6Russian Federation85
7Thailand37
8Colombia27
9Uruguay23
10Ukraine22

Saturday, February 20, 2010

Botnet Statistics [2010-02-19]

detection period: 2010-02-19 00:00-23:59 UTC
total number of suspected botnet IPs: 3263
number of botnet IPs notified to network operators: 2978
number of blocked spams: 118013
recipient count of blocked spams: 3024802

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1299
2BSNLNET444
3002.558.157/0001-62110
4AR-TEAR7-LACNIC100
5CHINATELECOM-BJ88
6RCOM65
7TATACOMM-IN50
8002.558.134/0001-5850
9002.449.992/0001-6444
10HATHWAY-NET39

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1312
2India655
3Brazil361
4China347
5Argentina165
6Russian Federation74
7Colombia29
8United States24
9South Korea23
10Thailand21

Friday, February 19, 2010

Botnet Statistics [2010-02-18]

detection period: 2010-02-18 00:00-23:59 UTC
total number of suspected botnet IPs: 3331
number of botnet IPs notified to network operators: 3035
number of blocked spams: 135580
recipient count of blocked spams: 3660817

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1304
2BSNLNET522
3CHINATELECOM-BJ150
4002.558.157/0001-62105
5AR-TEAR7-LACNIC79
6TATACOMM-IN61
7002.558.134/0001-5851
8RCOM50
9HATHWAY-NET45
10CHINANET-GD38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1316
2India738
3China398
4Brazil315
5Argentina140
6Russian Federation78
7Thailand32
8Colombia32
9Ethiopia24
10Ukraine17

Thursday, February 18, 2010

Botnet Statistics [2010-02-17]

detection period: 2010-02-17 00:00-23:59 UTC
total number of suspected botnet IPs: 3256
number of botnet IPs notified to network operators: 2955
number of blocked spams: 131105
recipient count of blocked spams: 3536840

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1264
2BSNLNET489
3CHINANET-GD120
4AR-TEAR7-LACNIC95
5CHINATELECOM-BJ88
6002.558.157/0001-6281
7RCOM61
8002.558.134/0001-5848
9HATHWAY-NET46
10TATACOMM-IN42

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1273
2India693
3China404
4Brazil270
5Argentina167
6Russian Federation73
7Thailand36
8Colombia32
9South Korea23
10Ethiopia20

Wednesday, February 17, 2010

Botnet Statistics [2010-02-16]

detection period: 2010-02-16 00:00-23:59 UTC
total number of suspected botnet IPs: 3363
number of botnet IPs notified to network operators: 3045
number of blocked spams: 145417
recipient count of blocked spams: 3819794

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1183
2BSNLNET533
3CHINATELECOM-BJ243
4CHINANET-GD106
5AR-TEAR7-LACNIC105
6RCOM75
7002.558.157/0001-6265
8HATHWAY-NET51
9TATACOMM-IN47
10002.558.134/0001-5835

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1192
2India768
3China560
4Brazil205
5Argentina161
6Russian Federation103
7Thailand43
8Colombia29
9United States22
10Ukraine20

Tuesday, February 16, 2010

Botnet Statistics [2010-02-15]

detection period: 2010-02-15 00:00-23:59 UTC
total number of suspected botnet IPs: 3519
number of botnet IPs notified to network operators: 3187
number of blocked spams: 143163
recipient count of blocked spams: 3037715

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET898
2BSNLNET803
3CHINATELECOM-BJ252
4AR-TEAR7-LACNIC108
5RCOM89
6002.558.157/0001-6289
7HATHWAY-NET79
8TATACOMM-IN68
9CHINANET-GD62
10002.558.134/0001-5851

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1134
2Taiwan907
3China511
4Brazil266
5Argentina171
6Russian Federation111
7Thailand57
8Colombia29
9South Korea26
10Ukraine25

Monday, February 15, 2010

Botnet Statistics [2010-02-14]

detection period: 2010-02-14 00:00-23:59 UTC
total number of suspected botnet IPs: 2801
number of botnet IPs notified to network operators: 2475
number of blocked spams: 109898
recipient count of blocked spams: 2583217

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET826
2BSNLNET414
3AR-TEAR7-LACNIC132
4CHINATELECOM-BJ109
5002.558.157/0001-6295
6002.558.134/0001-5866
7TRUENET33
8000.065.376/0002-6533
9RCOM31
10TATACOMM-IN28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan842
2India553
3China364
4Brazil306
5Argentina195
6Russian Federation116
7Thailand66
8United States27
9Uruguay26
10Mexico25

Sunday, February 14, 2010

Botnet Statistics [2010-02-13]

detection period: 2010-02-13 00:00-23:59 UTC
total number of suspected botnet IPs: 3837
number of botnet IPs notified to network operators: 3432
number of blocked spams: 156416
recipient count of blocked spams: 3711177

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1152
2BSNLNET786
3AR-TEAR7-LACNIC141
4002.558.157/0001-62137
5RCOM102
6002.558.134/0001-5887
7HATHWAY-NET74
8TATACOMM-IN70
9UY-ANTA-LACNIC40
10000.065.376/0002-6535

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1165
2India1132
3Brazil411
4China295
5Argentina218
6Russian Federation128
7Thailand53
8Uruguay40
9United States34
10South Korea30

Saturday, February 13, 2010

Botnet Statistics [2010-02-12]

detection period: 2010-02-12 00:00-23:59 UTC
total number of suspected botnet IPs: 3931
number of botnet IPs notified to network operators: 3522
number of blocked spams: 141953
recipient count of blocked spams: 4177461

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1286
2BSNLNET647
3002.558.157/0001-62174
4AR-TEAR7-LACNIC172
5RCOM94
6002.558.134/0001-5888
7TATACOMM-IN77
8002.449.992/0001-6457
9HATHWAY-NET56
10000.065.376/0002-6551

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1299
2India959
3Brazil524
4China295
5Argentina259
6Russian Federation140
7Thailand44
8Uruguay37
9Mexico30
10Colombia30

Friday, February 12, 2010

Botnet Statistics [2010-02-11]

detection period: 2010-02-11 00:00-23:59 UTC
total number of suspected botnet IPs: 4018
number of botnet IPs notified to network operators: 3637
number of blocked spams: 124518
recipient count of blocked spams: 3869416

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1273
2BSNLNET857
3AR-TEAR7-LACNIC151
4002.558.157/0001-62134
5TFN-NET100
6RCOM94
7002.558.134/0001-5874
8TATACOMM-IN67
9HATHWAY-NET59
10000.065.376/0002-6541

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1382
2India1165
3Brazil405
4China280
5Argentina232
6Russian Federation116
7Thailand52
8Ukraine37
9Colombia37
10Mexico34

Thursday, February 11, 2010

Botnet Statistics [2010-02-10]

detection period: 2010-02-10 00:00-23:59 UTC
total number of suspected botnet IPs: 3999
number of botnet IPs notified to network operators: 3614
number of blocked spams: 125911
recipient count of blocked spams: 4065817

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1261
2BSNLNET853
3AR-TEAR7-LACNIC149
4002.558.157/0001-62138
5RCOM95
6002.558.134/0001-5885
7TATACOMM-IN64
8HATHWAY-NET58
9002.449.992/0001-6453
10000.065.376/0002-6544

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1273
2India1141
3Brazil460
4China314
5Argentina234
6Russian Federation124
7Thailand56
8Colombia35
9United States31
10Ukraine29

Wednesday, February 10, 2010

Botnet Statistics [2010-02-09]

detection period: 2010-02-09 00:00-23:59 UTC
total number of suspected botnet IPs: 3636
number of botnet IPs notified to network operators: 3306
number of blocked spams: 111703
recipient count of blocked spams: 3548886

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1271
2BSNLNET677
3002.558.157/0001-62149
4AR-TEAR7-LACNIC131
5RCOM93
6002.558.134/0001-5880
7TATACOMM-IN55
8HATHWAY-NET54
9002.449.992/0001-6446
10TFN-NET38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1315
2India941
3Brazil431
4China239
5Argentina209
6Russian Federation114
7Thailand54
8Ukraine30
9Colombia28
10Mexico24

Tuesday, February 9, 2010

Botnet Statistics [2010-02-08]

detection period: 2010-02-08 00:00-23:59 UTC
total number of suspected botnet IPs: 3600
number of botnet IPs notified to network operators: 3241
number of blocked spams: 121734
recipient count of blocked spams: 3849271

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET876
2BSNLNET834
3002.558.157/0001-62155
4RCOM114
5AR-TEAR7-LACNIC113
6TFN-NET111
7002.558.134/0001-5873
8HATHWAY-NET61
9002.449.992/0001-6452
10TATACOMM-IN51

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1122
2Taiwan994
3Brazil456
4China311
5Argentina181
6Russian Federation124
7Thailand48
8Colombia37
9Indonesia25
10Mexico24

Monday, February 8, 2010

Botnet Statistics [2010-02-07]

detection period: 2010-02-07 00:00-23:59 UTC
total number of suspected botnet IPs: 2509
number of botnet IPs notified to network operators: 2255
number of blocked spams: 125256
recipient count of blocked spams: 4276790

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1171
2BSNLNET179
3AR-TEAR7-LACNIC92
4002.558.157/0001-6276
5002.558.134/0001-5853
6000.065.376/0002-6533
7RCOM26
8CHINANET-ZJ-WZ26
9CHINANET-GD26
10AR-CASA10-LACNIC24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1178
2Brazil272
3India256
4China243
5Argentina155
6Russian Federation78
7Thailand37
8Colombia34
9Ukraine18
10South Korea18

Sunday, February 7, 2010

Botnet Statistics [2010-02-06]

detection period: 2010-02-06 00:00-23:59 UTC
total number of suspected botnet IPs: 2337
number of botnet IPs notified to network operators: 2061
number of blocked spams: 104040
recipient count of blocked spams: 3591730

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET542
2BSNLNET525
3AR-TEAR7-LACNIC96
4002.558.157/0001-6277
5RCOM68
6002.558.134/0001-5852
7TATACOMM-IN48
8CHINANET-GD46
9HATHWAY-NET43
10000.065.376/0002-6530

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India734
2Taiwan548
3Brazil259
4China248
5Argentina166
6Russian Federation61
7Thailand44
8Colombia26
9Indonesia19
10Ukraine18

Saturday, February 6, 2010

Botnet Statistics [2010-02-05]

detection period: 2010-02-05 00:00-23:59 UTC
total number of suspected botnet IPs: 3149
number of botnet IPs notified to network operators: 2888
number of blocked spams: 82661
recipient count of blocked spams: 2801911

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1265
2BSNLNET428
3TFN-NET226
4002.558.157/0001-62105
5AR-TEAR7-LACNIC76
6RCOM66
7002.558.134/0001-5845
8HATHWAY-NET40
9TATACOMM-IN36
10CHINANET-GD29

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1500
2India609
3Brazil306
4China235
5Argentina139
6Russian Federation62
7Thailand38
8Colombia22
9Indonesia20
10Ukraine18

Friday, February 5, 2010

Botnet Statistics [2010-02-04]

detection period: 2010-02-04 00:00-23:59 UTC
total number of suspected botnet IPs: 3672
number of botnet IPs notified to network operators: 3373
number of blocked spams: 77210
recipient count of blocked spams: 2621961

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1293
2BSNLNET661
3TFN-NET265
4002.558.157/0001-62118
5AR-TEAR7-LACNIC102
6002.558.134/0001-5868
7RCOM65
8TATACOMM-IN60
9HATHWAY-NET59
10002.449.992/0001-6440

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1566
2India893
3Brazil372
4China251
5Argentina156
6Russian Federation101
7Thailand38
8Colombia23
9Ukraine21
10Indonesia19

Thursday, February 4, 2010

Botnet Statistics [2010-02-03]

detection period: 2010-02-03 00:00-23:59 UTC
total number of suspected botnet IPs: 4248
number of botnet IPs notified to network operators: 3812
number of blocked spams: 186057
recipient count of blocked spams: 4763174

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1308
2BSNLNET769
3002.558.157/0001-62168
4AR-TEAR7-LACNIC127
5RCOM102
6TATACOMM-IN93
7002.558.134/0001-5883
8002.449.992/0001-6475
9TFN-NET70
10HATHWAY-NET70

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1391
2India1119
3Brazil531
4China357
5Argentina202
6Russian Federation128
7Ethiopia40
8Colombia36
9United States35
10Thailand35

How Many Bots Can a Greylisting System Detect?

According to a paper presented at TANET 2005(Taiwan Academic Network Conference 2005), titled "Spam Filtering with Open Source Software, and Some Hard Facts from NTU's Email System" (title translated by me, not necessarily correct), their daily mail volume was 800K, of which 58 per cent were blocked by greylisting.

I myself detected 3651 suspected bots while blocking 211178 spams yesterday, so if the folks at NTU (National Taiwan University) had a similiar bots/spam ratio, they would be able to detect (800K * 58% * 3651 / 211178) = 8021 bots daily in 2005. Though I believe greylisting should do much better than my current detection setup.

Now imagine what will happen if some large greylisting users, like Texas A&M University, SpamCop, and Computer Science in Aarhus (DAIMI), all contribute their logs: tens of thousands of bots will be uncovered every day.

For those of you interested in the paper mentioned above, remember that it is written in Chinese. If you can not read Chinese yourself, don't forget to find someone who can to help you:).

Wednesday, February 3, 2010

Botnet Statistics [2010-02-02]

detection period: 2010-02-02 00:00-23:59 UTC
total number of suspected botnet IPs: 3651
number of botnet IPs notified to network operators: 3240
number of blocked spams: 211178
recipient count of blocked spams: 4795358

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET798
2HINET-NET732
3TFN-NET190
4002.558.157/0001-62151
5AR-TEAR7-LACNIC115
6TATACOMM-IN84
7RCOM84
8002.558.134/0001-5871
9HATHWAY-NET65
10002.449.992/0001-6461

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India1129
2Taiwan932
3Brazil469
4China372
5Argentina184
6Russian Federation102
7United States35
8Ethiopia34
9Colombia33
10South Korea28

Tuesday, February 2, 2010

Botnet Statistics [2010-02-01]

detection period: 2010-02-01 00:00-23:59 UTC
total number of suspected botnet IPs: 3685
number of botnet IPs notified to network operators: 3334
number of blocked spams: 146142
recipient count of blocked spams: 4313429

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1255
2BSNLNET531
3002.558.157/0001-62147
4TFN-NET141
5RCOM76
6AR-TEAR7-LACNIC74
7TATACOMM-IN66
8002.449.992/0001-6460
9002.558.134/0001-5850
10UNICOM-SD46

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1405
2India787
3China430
4Brazil425
5Argentina134
6Russian Federation79
7United States36
8South Korea29
9Ukraine28
10Colombia28

Monday, February 1, 2010

Botnet Statistics [2010-01-31]

Last week I read a paper titled "Spamming Chains: A New Way of Understanding Spammer Behavior" from CEAS 2009, and then realized that I should add number of blocked spams and recipient count of blocked spams to my daily statistics. So here they are.

detection period: 2010-01-31 00:00-23:59 UTC
total number of suspected botnet IPs: 3140
number of botnet IPs notified to network operators: 2876
number of blocked spams: 142094
recipient count of blocked spams: 4283754

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1338
2BSNLNET221
3TFN-NET149
4002.558.157/0001-6284
5UNICOM-SD64
6AR-TEAR7-LACNIC60
7CHINANET-JS43
8UNICOM-HA38
9CHINANET-GD38
10002.558.134/0001-5835

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1499
2China579
3India315
4Brazil255
5Argentina124
6Russian Federation55
7United States32
8Colombia21
9Thailand19
10Indonesia19