But I guess that another event, the public disclosure of a zero-day vulnerability in Microsoft XP by a Google researcher, also contributed to the increased bot counts. He posted his finding - the details of the vulnerability and proof-of-concept code - to a mailing list on June 10, 5 days after he had informed Microsoft of the vulnerability. Take a look at bot counts graphs in 5-day entroby at Shadowserver Foundation. You can see that around one third into June (about June 10), bot counts changed from a rapid declining trend to an increasing one. Though I detected more bots in June, they did not fall back to the previous level, as Microsoft haven't released an official patch for that vulnerability yet.
detection period: 2010-06-01 00:00 - 2010-06-30 23:59 UTC
total number of suspected botnet IPs: 74883
number of blocked spams: 4221977
recipient count of blocked spams: 100120734
The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | India | 25243 |
| 2 | Taiwan | 16854 |
| 3 | China | 15323 |
| 4 | Brazil | 5029 |
| 5 | Argentina | 3187 |
| 6 | Russian Federation | 2059 |
| 7 | Thailand | 1032 |
| 8 | Ukraine | 617 |
| 9 | Mexico | 523 |
| 10 | Ethiopia | 522 |
| 11 | United States | 433 |
| 12 | Uruguay | 349 |
| 13 | Chile | 253 |
| 14 | Germany | 241 |
| 15 | Indonesia | 222 |
| 16 | South Korea | 188 |
| 17 | Japan | 184 |
| 18 | Colombia | 175 |
| 19 | Belarus | 152 |
| 20 | Algeria | 136 |
| 21 | Iran | 129 |
| 22 | Kazakhstan | 128 |
| 23 | France | 128 |
| 24 | Hong Kong | 122 |
| 25 | Egypt | 106 |
The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:
| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 1155932 |
| 2 | Taiwan | 792198 |
| 3 | Brazil | 459900 |
| 4 | India | 341508 |
| 5 | Malaysia | 235830 |
| 6 | Russian Federation | 154396 |
| 7 | United States | 133067 |
| 8 | Thailand | 112624 |
| 9 | Indonesia | 99006 |
| 10 | Argentina | 95129 |
| 11 | Colombia | 78206 |
| 12 | Ukraine | 39531 |
| 13 | Chile | 36692 |
| 14 | South Korea | 31964 |
| 15 | Czech Republic | 30782 |
| 16 | Poland | 28600 |
| 17 | France | 27340 |
| 18 | Viet Nam | 21405 |
| 19 | Pakistan | 19818 |
| 20 | Saudi Arabia | 18992 |
| 21 | United Kingdom | 16810 |
| 22 | Germany | 16643 |
| 23 | Philippines | 16404 |
| 24 | Czechoslovakia | 16397 |
| 25 | Italy | 16167 |
The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:
| Rank | Country | recipient count of blocked spams |
|---|---|---|
| 1 | China | 25151146 |
| 2 | Taiwan | 18736442 |
| 3 | Brazil | 12591055 |
| 4 | India | 10674543 |
| 5 | Malaysia | 3889006 |
| 6 | Russian Federation | 3787016 |
| 7 | Thailand | 3315279 |
| 8 | Argentina | 2665985 |
| 9 | Indonesia | 2321815 |
| 10 | United States | 2275565 |
| 11 | Colombia | 2257047 |
| 12 | Chile | 994345 |
| 13 | Ukraine | 944411 |
| 14 | South Korea | 684327 |
| 15 | Czech Republic | 663982 |
| 16 | Poland | 653731 |
| 17 | France | 571959 |
| 18 | Pakistan | 518745 |
| 19 | Viet Nam | 474920 |
| 20 | Israel | 454841 |
| 21 | Germany | 407747 |
| 22 | Saudi Arabia | 391472 |
| 23 | Philippines | 371239 |
| 24 | Czechoslovakia | 340832 |
| 25 | Egypt | 314877 |
The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | BSNLNET | 19044 |
| 2 | HINET-NET | 15959 |
| 3 | CHINANET-GD | 6556 |
| 4 | AR-TEAR7-LACNIC | 2514 |
| 5 | RITELE | 2494 |
| 6 | TATACOMM-IN | 1722 |
| 7 | RCOM | 1366 |
| 8 | 002.558.134/0001-58 | 1061 |
| 9 | ALLIANCEBROADBAND | 1038 |
| 10 | 002.558.157/0001-62 | 965 |
| 11 | HATHWAY-NET | 954 |
| 12 | UNICOM-SD | 872 |
| 13 | 002.449.992/0001-64 | 770 |
| 14 | TFN-NET | 752 |
| 15 | 000.065.376/0002-65 | 566 |
| 16 | ETHIONET | 522 |
| 17 | TRUENET | 503 |
| 18 | 040.432.544/0001-47 | 453 |
| 19 | UNKNOWN | 419 |
| 20 | CHINANET-JX | 419 |
| 21 | MX-GICS-LACNIC | 397 |
| 22 | PACENET | 379 |
| 23 | CHINANET-HN | 379 |
| 24 | UNICOM-SX | 348 |
| 25 | UY-ANTA-LACNIC | 346 |
The top 25 networks (as found in WHOIS), ordered by number of blocked spams are:
| Rank | Network | # of blocked spams |
|---|---|---|
| 1 | HINET-NET | 767006 |
| 2 | BSNLNET | 167134 |
| 3 | TMIDC-MY | 161931 |
| 4 | CHINANET-GD | 135206 |
| 5 | RCOM | 79720 |
| 6 | UNICOM-SD | 75802 |
| 7 | 000.065.376/0002-65 | 71827 |
| 8 | 002.558.157/0001-62 | 70370 |
| 9 | 076.535.764/0326-90 | 65668 |
| 10 | UNICOM-HE | 63849 |
| 11 | CHINANET-ZJ-WZ | 59413 |
| 12 | UNICOM-LN | 59132 |
| 13 | EASTGATE | 56519 |
| 14 | 033.530.486/0001-29 | 52594 |
| 15 | CHINANET-JS | 49588 |
| 16 | TRUENET | 36972 |
| 17 | AR-TEAR7-LACNIC | 34422 |
| 18 | UNICOM-HA | 34097 |
| 19 | CHINANET-SN | 33178 |
| 20 | CO-ACSA-LACNIC | 32474 |
| 21 | CHINANET-YN | 32422 |
| 22 | CHINANET-JX | 31290 |
| 23 | TELKOMNET | 30095 |
| 24 | UNICOM-BJ | 26894 |
| 25 | RITELE | 25876 |
The top 25 networks (as found in WHOIS), ordered by recipient count of blocked spams are:
| Rank | Network | recipient count of blocked spams |
|---|---|---|
| 1 | HINET-NET | 18280588 |
| 2 | BSNLNET | 5356235 |
| 3 | TMIDC-MY | 2590896 |
| 4 | RCOM | 2476588 |
| 5 | 000.065.376/0002-65 | 2290256 |
| 6 | UNICOM-SD | 2219380 |
| 7 | 002.558.157/0001-62 | 1929150 |
| 8 | 076.535.764/0326-90 | 1683896 |
| 9 | CHINANET-GD | 1599502 |
| 10 | UNICOM-HE | 1476424 |
| 11 | UNICOM-LN | 1443126 |
| 12 | 033.530.486/0001-29 | 1314899 |
| 13 | TRUENET | 1258953 |
| 14 | CHINANET-JS | 1228402 |
| 15 | AR-TEAR7-LACNIC | 1152185 |
| 16 | CHINANET-ZJ-WZ | 947416 |
| 17 | CHINANET-JX | 934147 |
| 18 | EASTGATE | 903802 |
| 19 | CO-ACSA-LACNIC | 899673 |
| 20 | CHINANET-SN | 892316 |
| 21 | CHINANET-YN | 855533 |
| 22 | TELKOMNET | 804760 |
| 23 | UNICOM-HA | 796317 |
| 24 | 001.402.946/0001-47 | 787367 |
| 25 | CHINANET-CQ | 644624 |
No comments:
Post a Comment