Daily Botnet Statistics: Botnet Statistics for September 2010

After some network and machine outages, I currently rent more than one vps to get some fault tolerance for my botnet detection system. Sometimes one of them will serve as my test server, and data collected on that server might not get included in the daily statistics. I include their data when calculating the monthly statistics, so the monthly number of blocked spams and recipient count might be more than the sum from daily statistcis. Just in case you ask.

detection period: 2010-09-01 00:00 - 2010-09-30 23:59 UTC
total number of suspected botnet IPs: 56714
number of blocked spams: 13056115
recipient count of blocked spams: 421289111

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	India	17628
2	Taiwan	16951
3	China	7909
4	Brazil	2933
5	Argentina	2093
6	Thailand	1773
7	Russian Federation	1563
8	United States	1133
9	Ukraine	579
10	Mexico	375
11	Ethiopia	292
12	Uruguay	285
13	South Korea	232
14	Belarus	231
15	France	229
16	Indonesia	198
17	Chile	191
18	Colombia	187
19	Germany	167
20	Algeria	117
21	Kazakhstan	104
22	Japan	104
23	Poland	82
24	Italy	82
25	Bulgaria	71

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank	Country	# of blocked spams
1	China	1970854
2	United States	1830078
3	Taiwan	1579124
4	Brazil	1331285
5	Russian Federation	746560
6	India	573092
7	Colombia	497750
8	Thailand	285832
9	Germany	266227
10	South Korea	216575
11	Italy	205606
12	Poland	204572
13	Indonesia	201191
14	France	187902
15	Argentina	130538
16	Ukraine	121000
17	Mexico	119281
18	Philippines	108120
19	United Kingdom	106935
20	Romania	97768
21	Iran	94265
22	Peru	80958
23	Spain	80935
24	Australia	77240
25	South Africa	72905

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Rank	Country	recipient count of blocked spams
1	United States	61392408
2	China	51348030
3	Brazil	46182326
4	Taiwan	43257451
5	Russian Federation	25815320
6	India	19862215
7	Colombia	17365717
8	Thailand	9864240
9	Germany	9288938
10	South Korea	7516506
11	Italy	7141024
12	Indonesia	6832511
13	Poland	6763972
14	France	6442797
15	Argentina	4443870
16	Ukraine	4200171
17	Mexico	4162841
18	Philippines	3771465
19	United Kingdom	3678922
20	Romania	3414965
21	Iran	3274869
22	Peru	2831273
23	Spain	2814125
24	Australia	2700151
25	South Korea	2552091

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	16831
2	BSNLNET	13550
3	CHINANET-GD	4516
4	AR-TEAR7-LACNIC	1686
5	TATACOMM-IN	1378
6	RCOM	887
7	002.558.134/0001-58	819
8	TRUENET	640
9	ALLIANCEBROADBAND	579
10	HATHWAY-NET	538
11	UNICOM-SD	455
12	002.449.992/0001-64	443
13	CAT-BB-NET	440
14	000.065.376/0002-65	395
15	TRUEBB-NET	346
16	PACENET	325
17	040.432.544/0001-47	318
18	UKRTELNET	300
19	076.535.764/0326-90	297
20	ETHIONET	291
21	UY-ANTA-LACNIC	281
22	MX-GICS-LACNIC	208
23	CHINANET-ZJ-WZ	201
24	CHINANET-JX	175
25	UNICOM-LN	158

The top 25 networks (as found in WHOIS), ordered by number of blocked spams are:

Rank	Network	# of blocked spams
1	HINET-NET	1359302
2	CHINANET-ZJ-WZ	623866
3	000.065.376/0002-65	284392
4	OC3-NETWORKS2	262771
5	CO-ACSA-LACNIC	224416
6	CHINANET-GD	194670
7	003.420.926/0002-05	191427
8	RSCP-NET-4	185453
9	033.530.486/0001-29	176683
10	002.558.134/0001-58	129425
11	TFN-NET	128084
12	BSNLNET	123993
13	OC3-NETWORKS	116767
14	NETBLK-THEPLANET-BLK-16	107150
15	CO-CTSE-LACNIC	104731
16	RCOM	103073
17	CO-ETBE-LACNIC	97223
18	076.535.764/0326-90	91059
19	CAVTEL-BLK-8	88201
20	BORANET-KR	71132
21	UNICOM-HE	69569
22	NETBLK-THEPLANET-BLK-15	68796
23	KORNET-KR	68141
24	CHINANET-JS	64463
25	002.558.157/0001-62	63472

The top 25 networks (as found in WHOIS), ordered by recipient count of blocked spams are:

Rank	Network	recipient count of blocked spams
1	HINET-NET	37820293
2	000.065.376/0002-65	9948893
3	OC3-NETWORKS2	9887394
4	CHINANET-ZJ-WZ	9598055
5	CO-ACSA-LACNIC	7829798
6	003.420.926/0002-05	6657708
7	RSCP-NET-4	6487054
8	033.530.486/0001-29	6122696
9	002.558.134/0001-58	4517497
10	BSNLNET	4259928
11	OC3-NETWORKS	4086539
12	NETBLK-THEPLANET-BLK-16	3749920
13	CO-CTSE-LACNIC	3652562
14	RCOM	3570340
15	CO-ETBE-LACNIC	3399316
16	076.535.764/0326-90	3134618
17	CHINANET-GD	3081822
18	TFN-NET	2494178
19	BORANET-KR	2470775
20	NETBLK-THEPLANET-BLK-15	2407314
21	KORNET-KR	2365899
22	UNICOM-HE	2332803
23	SOFTLAYER-4-8	2217317
24	002.558.157/0001-62	2208387
25	OVH	2192178

Daily Botnet Statistics

Saturday, October 9, 2010

Botnet Statistics for September 2010

No comments:

Post a Comment