Saturday, April 3, 2010

Botnet Statistics for June 2009

I started to detect and report bots around last June, when I rented my first VPS from VPSLink. I did not have the chance to publish my work from the start, as this blog was an afterthought. To put all the collected data in another perspective, I decided to present them in a new, monthly format.

I regularly move the collected data (mail log) off my VPSes, which only have limited storage space. Now all the old data (since last June) reside on my Windows PC at home. Unable to move them back to the VPS (I have only 256Kbps upload bandwidth at home), I have to process them under UWIN, a UNIX emulation under Windows by AT&T, instead. A script taking minutes to run on the VPS now takes hours to complete under UWIN. I knew Windows was not a good fit for a UNIX environment, but I never thought the difference would be so huge.

detection period: 2009-06-08 07:37 - 2009-06-30 23:59 UTC
total number of suspected botnet IPs: 15240
number of blocked spams: 940245
recipient count of blocked spams: 13480394

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

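| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 14726 |
| 2 | China | 258 |
| 3 | Brazil | 54 |
| 4 | India | 46 |
| 5 | Russian Federation | 23 |
| 6 | United States | 22 |
| 7 | Indonesia | 8 |
| 8 | Bulgaria | 8 |
| 9 | Hong Kong | 7 |
| 10 | Germany | 6 |
| 11 | Colombia | 6 |
| 12 | Argentina | 6 |
| 13 | Pakistan | 5 |
| 14 | France | 5 |
| 15 | Egypt | 5 |
| 16 | Thailand | 4 |
| 17 | South Korea | 4 |
| 18 | Iran | 4 |
| 19 | Czech Republic | 4 |
| 20 | Philippines | 3 |
| 21 | Malaysia | 3 |
| 22 | United Kingdom | 3 |
| 23 | Spain | 3 |
| 24 | Ukraine | 2 |
| 25 | Mongolia | 2 |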

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

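| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | Taiwan | 725865 |
| 2 | Malaysia | 152121 |
| 3 | China | 57677 |
| 4 | Brazil | 802 |
| 5 | United States | 618 |
| 6 | India | 411 |
| 7 | Russian Federation | 364 |
| 8 | Hong Kong | 342 |
| 9 | Indonesia | 278 |
| 10 | Ukraine | 208 |
| 11 | Argentina | 150 |
| 12 | Bangladesh | 144 |
| 13 | Colombia | 122 |
| 14 | Germany | 118 |
| 15 | Bulgaria | 112 |
| 16 | Czech Republic | 108 |
| 17 | United Kingdom | 71 |
| 18 | Czechoslovakia | 68 |
| 19 | Belgium | 64 |
| 20 | Italy | 61 |
| 21 | Thailand | 60 |
| 22 | Philippines | 60 |
| 23 | Pakistan | 52 |
| 24 | Egypt | 47 |
| 25 | Canada | 47 |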

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

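| Rank | Country | Recipient count of blocked spams |
|---|---|---|
| 1 | Taiwan | 9985102 |
| 2 | Malaysia | 2433933 |
| 3 | China | 926359 |
| 4 | Brazil | 24033 |
| 5 | United States | 18039 |
| 6 | India | 12459 |
| 7 | Russian Federation | 10436 |
| 8 | Hong Kong | 10207 |
| 9 | Indonesia | 8240 |
| 10 | Ukraine | 6200 |
| 11 | Argentina | 4603 |
| 12 | Bangladesh | 4239 |
| 13 | Colombia | 3689 |
| 14 | Bulgaria | 3534 |
| 15 | Germany | 3357 |
| 16 | Czech Republic | 3230 |
| 17 | Czechoslovakia | 1997 |
| 18 | United Kingdom | 1971 |
| 19 | Thailand | 1846 |
| 20 | Belgium | 1813 |
| 21 | Italy | 1692 |
| 22 | Philippines | 1483 |
| 23 | Pakistan | 1410 |
| 24 | Canada | 1273 |
| 25 | Egypt | 1251 |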

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

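| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | APOL-NET | 8993 |
| 2 | HINET-NET | 4758 |
| 3 | TFN-NET | 964 |
| 4 | CHINANET-ZJ-WZ | 121 |
| 5 | UNICOM-GD | 22 |
| 6 | BSNLNET | 18 |
| 7 | 002.558.157/0001-62 | 14 |
| 8 | UNKNOWN | 12 |
| 9 | RCOM | 11 |
| 10 | UNICOM-HA | 10 |
| 11 | UNICOM-CN | 9 |
| 12 | UNICOM-SD | 8 |
| 13 | BTN-CIDR3 | 8 |
| 14 | UNICOM-HE | 7 |
| 15 | HGC | 6 |
| 16 | CHINANET-HB | 6 |
| 17 | 033.530.486/0001-29 | 5 |
| 18 | 000.065.376/0002-65 | 5 |
| 19 | TATACOMM-IN | 4 |
| 20 | SCARTEL | 4 |
| 21 | CHINANET-JS | 4 |
| 22 | CHINANET-GX | 4 |
| 23 | CHINANET-AH | 4 |
| 24 | AR-TEAR7-LACNIC | 4 |
| 25 | UNICOM-HL | 3 |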

The top 25 networks (as found in WHOIS), ordered by number of blocked spams are:

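| Rank | Network | # of blocked spams |
|---|---|---|
| 1 | HINET-NET | 548950 |
| 2 | APOL-NET | 131795 |
| 3 | TMIDC-MY | 85375 |
| 4 | EASTGATE | 66746 |
| 5 | CHINANET-ZJ-WZ | 54185 |
| 6 | TFN-NET | 44884 |
| 7 | UNICOM-HE | 366 |
| 8 | HGC | 340 |
| 9 | CHINANET-SH | 311 |
| 10 | UNICOM-HA | 307 |
| 11 | IPNET-ID | 207 |
| 12 | HANGZHOU-DACHENG-NETBAR | 195 |
| 13 | UNICOM-SD | 189 |
| 14 | CHINANET-HB | 179 |
| 15 | EDUNET1 | 174 |
| 16 | DXTNET | 166 |
| 17 | UNKNOWN | 150 |
| 18 | NETBLK-PRESCIENT01 | 148 |
| 19 | FIBRENET-BD | 144 |
| 20 | RCOM | 143 |
| 21 | CHINANET-YN | 125 |
| 22 | BTN-CIDR3 | 125 |
| 23 | NETBLK-THEPLANET-BLK-13 | 121 |
| 24 | 033.530.486/0001-29 | 117 |
| 25 | 001.947.194/0001-08 | 117 |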

The top 25 networks (as found in WHOIS), ordered by recipient count of blocked spams are:

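| Rank | Network | Recipient count of blocked spams |
|---|---|---|
| 1 | HINET-NET | 8292464 |
| 2 | TMIDC-MY | 1365997 |
| 3 | EASTGATE | 1067936 |
| 4 | APOL-NET | 1067228 |
| 5 | CHINANET-ZJ-WZ | 825780 |
| 6 | TFN-NET | 618411 |
| 7 | UNICOM-HE | 10343 |
| 8 | HGC | 10161 |
| 9 | UNICOM-HA | 9290 |
| 10 | CHINANET-SH | 8722 |
| 11 | IPNET-ID | 6320 |
| 12 | HANGZHOU-DACHENG-NETBAR | 5978 |
| 13 | UNICOM-SD | 5424 |
| 14 | EDUNET1 | 5219 |
| 15 | CHINANET-HB | 5078 |
| 16 | DXTNET | 4623 |
| 17 | RCOM | 4414 |
| 18 | NETBLK-PRESCIENT01 | 4361 |
| 19 | UNKNOWN | 4297 |
| 20 | FIBRENET-BD | 4239 |
| 21 | 033.530.486/0001-29 | 3764 |
| 22 | CHINANET-YN | 3706 |
| 23 | NETBLK-THEPLANET-BLK-13 | 3604 |
| 24 | BTN-CIDR3 | 3459 |
| 25 | 001.947.194/0001-08 | 3331 |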
