Custom Search

Tuesday, November 30, 2010

Botnet Statistics [2010-11-29]

I wrote about failure notices I got when sending notifications to CNCERT two weeks ago.  But then the problem disappeared before I had done anything about it.  I guess I was just lucky. 

I also send notifications about zombie computers in India to the CERT of India.  Unfortunately they began to reject my notifications two days ago.  I might not be so lucky this time...

detection period: 2010-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 2393
number of botnet IPs notified to network operators: 1949
number of blocked spams: 338506
recipient count of blocked spams: 11568541

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET462
2BSNLNET320
3RCOM59
4AR-TEAR7-LACNIC52
5000.065.376/0002-6536
6TATACOMM-IN35
7002.558.134/0001-5835
8TRUENET30
9KORNET-KR28
10CAT-BB-NET28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India492
2Taiwan477
3China268
4Brazil224
5Russian Federation152
6Thailand106
7Argentina102
8Ukraine60
9United States54
10South Korea48

Monday, November 29, 2010

Botnet Statistics [2010-11-28]

I decommissioned one of my vpses yesterday, as its billing period will be up today.  So I have only two detection systems in operation for the time being.  I also got hold of some domains suitable for greylisting last week.  A lot of work need to be done before I can detect botnet computers with greylisting, but I have high hope for its detection capability.

detection period: 2010-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 2428
number of botnet IPs notified to network operators: 2013
number of blocked spams: 132822
recipient count of blocked spams: 4440382

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET529
2BSNLNET363
3AR-TEAR7-LACNIC76
4UKRTELNET52
5RCOM41
6002.558.134/0001-5840
7TRUENET36
8KORNET-KR35
9000.065.376/0002-6532
10TATACOMM-IN30

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan544
2India507
3China233
4Russian Federation181
5Brazil177
6Argentina135
7Thailand117
8Ukraine79
9South Korea53
10United States32

Sunday, November 28, 2010

Botnet Statistics [2010-11-27]

detection period: 2010-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1137
number of botnet IPs notified to network operators: 915
number of blocked spams: 408109
recipient count of blocked spams: 14027401

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET497
2CHINANET-GD39
3KORNET-KR15
4CHINANET-ZJ-WZ13
5000.065.376/0002-6512
6UNICOM-SD10
7CHINANET-FJ10
8033.530.486/0001-2910
9CHINANET-ZJ9
10CHINANET-JS9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan510
2China160
3Brazil72
4Russian Federation45
5United States41
6South Korea29
7India21
8Colombia20
9Germany17
10Indonesia16

Saturday, November 27, 2010

Botnet Statistics [2010-11-26]

detection period: 2010-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1169
number of botnet IPs notified to network operators: 933
number of blocked spams: 493765
recipient count of blocked spams: 16903168

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET497
2CHINANET-GD39
3000.065.376/0002-6515
4KORNET-KR13
5CHINANET-ZJ-WZ13
6UNICOM-TJ11
7UNICOM-SD10
8CHINANET-JS10
9003.420.926/0002-059
10TFN-NET8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan511
2China166
3Brazil79
4United States53
5Russian Federation49
6South Korea29
7Colombia21
8India18
9Germany18
10Indonesia15

Friday, November 26, 2010

Botnet Statistics [2010-11-25]

detection period: 2010-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1346
number of botnet IPs notified to network operators: 1089
number of blocked spams: 406644
recipient count of blocked spams: 13887642

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET507
2CHINANET-GD95
3CHINANET-ZJ-WZ19
4KORNET-KR14
5000.065.376/0002-6514
6002.558.157/0001-6211
7UNICOM-TJ10
8CHINANET-JS10
9033.530.486/0001-2910
10003.420.926/0002-0510

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan520
2China267
3Brazil87
4United States56
5Russian Federation53
6South Korea26
7India25
8Colombia24
9Poland21
10Indonesia20

Thursday, November 25, 2010

Botnet Statistics [2010-11-24]

detection period: 2010-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 1289
number of botnet IPs notified to network operators: 1046
number of blocked spams: 368519
recipient count of blocked spams: 12409409

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET519
2CHINANET-GD115
3KORNET-KR16
4CHINANET-ZJ-WZ15
5000.065.376/0002-6513
6CHINANET-JS12
7002.558.157/0001-6211
8UNICOM-SD9
9CHINANET-ZJ9
10076.535.764/0326-909

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan533
2China251
3Brazil81
4Russian Federation51
5United States46
6South Korea30
7Thailand21
8India19
9Colombia19
10Ukraine15

Wednesday, November 24, 2010

Botnet Statistics [2010-11-23]

detection period: 2010-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1367
number of botnet IPs notified to network operators: 1093
number of blocked spams: 344224
recipient count of blocked spams: 11551330

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET486
2000.065.376/0002-6526
3AR-TEAR7-LACNIC17
4TRUENET16
5CHINANET-ZJ-WZ15
6033.530.486/0001-2914
7002.558.157/0001-6214
8002.558.134/0001-5814
9KORNET-KR13
10CHINANET-GD12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan502
2China183
3Brazil130
4Russian Federation77
5Thailand47
6United States46
7Argentina40
8India35
9South Korea29
10Colombia26

Tuesday, November 23, 2010

Botnet Statistics [2010-11-22]

detection period: 2010-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 2535
number of botnet IPs notified to network operators: 2101
number of blocked spams: 373173
recipient count of blocked spams: 12470735

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET525
2BSNLNET342
3RCOM58
4AR-TEAR7-LACNIC54
5TRUENET44
6CAT-BB-NET42
7002.558.134/0001-5840
8000.065.376/0002-6537
9TATACOMM-IN36
10UNICOM-SD31

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan541
2India506
3China301
4Brazil230
5Russian Federation161
6Thailand141
7Argentina102
8Ukraine63
9United States45
10Colombia33

Monday, November 22, 2010

Botnet Statistics [2010-11-21]

detection period: 2010-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 2347
number of botnet IPs notified to network operators: 1910
number of blocked spams: 384464
recipient count of blocked spams: 12692141

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET524
2BSNLNET121
3CHINANET-GD120
4AR-TEAR7-LACNIC55
5CAT-BB-NET42
6TRUEBB-NET39
7LASVEGASNETWORK38
8002.558.134/0001-5836
9UKRTELNET35
10000.065.376/0002-6531

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan543
2China408
3India196
4Brazil179
5Russian Federation160
6Thailand139
7Argentina101
8United States97
9Ukraine75
10South Korea34

Sunday, November 21, 2010

Botnet Statistics [2010-11-20]

detection period: 2010-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 3182
number of botnet IPs notified to network operators: 2697
number of blocked spams: 448414
recipient count of blocked spams: 14658745

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET509
2CHINANET-GD499
3BSNLNET352
4AR-TEAR7-LACNIC64
5RCOM60
6CAT-BB-NET48
7TATACOMM-IN45
8UKRTELNET41
9LASVEGASNETWORK39
10002.558.134/0001-5830

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China813
2India536
3Taiwan529
4Brazil216
5Russian Federation165
6Thailand132
7United States105
8Argentina104
9Ukraine90
10Indonesia35

Saturday, November 20, 2010

Botnet Statistics [2010-11-19]

detection period: 2010-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 2542
number of botnet IPs notified to network operators: 2158
number of blocked spams: 191363
recipient count of blocked spams: 5560774

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET539
2CHINANET-GD278
3BSNLNET232
4AR-TEAR7-LACNIC62
5RCOM55
6TATACOMM-IN42
7002.558.134/0001-5841
8UKRTELNET39
9CAT-BB-NET39
10000.065.376/0002-6534

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan555
2China500
3India398
4Brazil231
5Russian Federation145
6Thailand123
7Argentina104
8Ukraine79
9United States34
10Colombia33

Friday, November 19, 2010

Botnet Statistics [2010-11-18]

detection period: 2010-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 2826
number of botnet IPs notified to network operators: 2408
number of blocked spams: 231663
recipient count of blocked spams: 7558923

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1BSNLNET532
2HINET-NET512
3AR-TEAR7-LACNIC75
4RCOM70
5TATACOMM-IN61
6HATHWAY-NET46
7002.558.134/0001-5846
8000.065.376/0002-6537
9TRUEBB-NET34
10CAT-BB-NET33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1India766
2Taiwan528
3China317
4Brazil261
5Russian Federation156
6Argentina125
7Thailand117
8Ukraine64
9United States43
10Colombia38

Thursday, November 18, 2010

Botnet Statistics [2010-11-17]

detection period: 2010-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 3229
number of botnet IPs notified to network operators: 2809
number of blocked spams: 288266
recipient count of blocked spams: 9330792

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1151
2BSNLNET360
3AR-TEAR7-LACNIC68
4RCOM65
5TATACOMM-IN48
6CAT-BB-NET42
7002.558.134/0001-5842
8HATHWAY-NET38
9TRUENET33
10076.535.764/0326-9032

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1167
2India574
3China291
4Brazil254
5Russian Federation163
6Thailand132
7Argentina125
8Ukraine48
9United States37
10Colombia33

Wednesday, November 17, 2010

Botnet Statistics [2010-11-16]

To reduce the number of mail I have to send, I usually collect information about zombie computers within China in a single notification to CNCERT, National Computer network Emergency Response technical Team/Coordination Center of China.  And China has done a good job on botnet reduction for the past year, which leads to its absence from various reports on spam and botnets, like the "dirty dozen" by Sophos, the top 12 countries of spam source by M86 security, and the top 10 countries sending spam by ICSA Labs.  While China is still the all time number one for the Top Spam Server Countries of Project Honey Pot, it is now at number 17 of the last 30 days.

Since November 1 this year, I started to get failure notice for my notification to CNCERT, which seems to be caused by alias expansion to a mailbox exceeding its quota.   In the mean time, China started to move back up to number 14 on the Top Spam Server Countries of the last 7 days.  I might need to find another way soon to contact them before China returns to top 10 again.

detection period: 2010-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 3376
number of botnet IPs notified to network operators: 2993
number of blocked spams: 363063
recipient count of blocked spams: 12123150

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1351
2BSNLNET405
3AR-TEAR7-LACNIC63
4RCOM59
5CAT-BB-NET43
6TATACOMM-IN40
7002.558.134/0001-5837
8TRUENET33
9TRUEBB-NET33
10HATHWAY-NET32

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1361
2India590
3China295
4Brazil240
5Russian Federation146
6Thailand142
7Argentina118
8Ukraine53
9United States34
10South Korea34

Tuesday, November 16, 2010

Botnet Statistics [2010-11-15]

detection period: 2010-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 3265
number of botnet IPs notified to network operators: 2834
number of blocked spams: 380185
recipient count of blocked spams: 12746466

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1349
2BSNLNET356
3AR-TEAR7-LACNIC62
4RCOM56
5TATACOMM-IN49
6CAT-BB-NET36
7TRUEBB-NET35
8HATHWAY-NET32
9000.065.376/0002-6529
10TRUENET28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1360
2India543
3China283
4Brazil189
5Russian Federation146
6Thailand136
7Argentina109
8Ukraine48
9United States40
10South Korea28

Monday, November 15, 2010

Merely taking C&C servers offline is not going to destroy botnets

Everybody knows that the destructive power of botnets lies in their massive number.  While those malware-infected computers often have unpatched vulnerabilities, which makes them easy to compromise, it still takes a long time to get hold of so many computers.  The only reason hackers can construct botnets is because most victims are completely unaware that their computers have been compromised.

Now most botnet mitigation efforts, from the disconnection of McColo in 2008 to the recent Bredolab takedown by Dutch police, try to bring down botnets by taking C&C servers offline.  While it is a good step, merely doing that is not enough.  They often fail to notify the victims.  Thus the vulnerabilities within those zombie computers will remain unfixed, and it is just a matter of time before hackers take control of those computers again.  In my point of view, botnet notification should be a priority, so victims can fix the security loopholes inside their computers.

Notifying victims also addresses other problems.  For example, botnets can collect data about people, which are sometimes used in phone scams.  If victims know their computers have been compromised, they will beware of suspicious phone calls, and change their passwords as soon as possible.  That helps to limit the scope of damage caused by botnets.

Botnet Statistics [2010-11-14]

detection period: 2010-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 2918
number of botnet IPs notified to network operators: 2557
number of blocked spams: 401636
recipient count of blocked spams: 13425377

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1468
2BSNLNET128
3CAT-BB-NET37
4TRUEBB-NET36
5AR-TEAR7-LACNIC34
6TRUENET31
7000.065.376/0002-6531
8RCOM28
9CHINANET-ZJ-WZ27
10UNICOM-SD26

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1479
2China279
3India203
4Brazil176
5Thailand131
6Russian Federation105
7Argentina74
8United States47
9Ukraine45
10South Korea32

Sunday, November 14, 2010

Botnet Statistics [2010-11-13]

detection period: 2010-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 3154
number of botnet IPs notified to network operators: 2775
number of blocked spams: 391839
recipient count of blocked spams: 12984415

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1479
2BSNLNET235
3AR-TEAR7-LACNIC52
4RCOM47
5000.065.376/0002-6528
6CAT-BB-NET27
7002.558.134/0001-5827
8TRUENET26
9TATACOMM-IN26
10HATHWAY-NET23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1492
2India381
3China262
4Brazil210
5Russian Federation131
6Thailand100
7Argentina96
8United States48
9Ukraine44
10Indonesia32

Saturday, November 13, 2010

Botnet Statistics [2010-11-12]

detection period: 2010-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 3698
number of botnet IPs notified to network operators: 3238
number of blocked spams: 348619
recipient count of blocked spams: 11262658

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1401
2BSNLNET474
3RCOM73
4AR-TEAR7-LACNIC55
5TATACOMM-IN54
6002.558.134/0001-5840
7000.065.376/0002-6538
8HATHWAY-NET35
9CAT-BB-NET34
10076.535.764/0326-9033

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1415
2India704
3China319
4Brazil279
5Russian Federation144
6Thailand113
7Argentina109
8Ukraine56
9United States54
10Indonesia39

Friday, November 12, 2010

Botnet Statistics [2010-11-11]

detection period: 2010-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 3776
number of botnet IPs notified to network operators: 3250
number of blocked spams: 378879
recipient count of blocked spams: 12568860

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1558
2BSNLNET408
3AR-TEAR7-LACNIC72
4RCOM69
5002.558.134/0001-5849
6CAT-BB-NET43
7TATACOMM-IN40
8000.065.376/0002-6539
9076.535.764/0326-9034
10002.558.157/0001-6233

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1570
2India600
3China340
4Brazil291
5Russian Federation155
6Argentina127
7Thailand115
8Ukraine59
9United States48
10Colombia36

Thursday, November 11, 2010

Botnet Statistics [2010-11-10]

detection period: 2010-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 3515
number of botnet IPs notified to network operators: 2980
number of blocked spams: 294536
recipient count of blocked spams: 9348965

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1346
2BSNLNET431
3AR-TEAR7-LACNIC82
4RCOM57
5TATACOMM-IN50
6002.558.134/0001-5843
7000.065.376/0002-6541
8CAT-BB-NET38
9076.535.764/0326-9034
10HATHWAY-NET33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1357
2India637
3China292
4Brazil274
5Russian Federation161
6Argentina130
7Thailand119
8Ukraine49
9United States40
10Colombia35

Wednesday, November 10, 2010

Botnet Statistics [2010-11-09]

detection period: 2010-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 2762
number of botnet IPs notified to network operators: 2299
number of blocked spams: 457837
recipient count of blocked spams: 15567843

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1132
2BSNLNET205
3AR-TEAR7-LACNIC55
4000.065.376/0002-6537
5002.558.134/0001-5833
6RCOM31
7CAT-BB-NET31
8076.535.764/0326-9025
9TRUEBB-NET23
10TRUENET21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1141
2India318
3China246
4Brazil221
5Russian Federation134
6Argentina100
7Thailand98
8United States47
9Ukraine47
10Colombia34

Tuesday, November 9, 2010

Botnet Statistics [2010-11-08]

detection period: 2010-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 2671
number of botnet IPs notified to network operators: 2244
number of blocked spams: 493310
recipient count of blocked spams: 17069546

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1208
2BSNLNET158
3AR-TEAR7-LACNIC40
4000.065.376/0002-6537
5CAT-BB-NET33
6002.558.134/0001-5833
7003.420.926/0002-0526
8076.535.764/0326-9025
9002.558.157/0001-6224
10RCOM22

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1219
2India247
3Brazil231
4China228
5Russian Federation106
6Thailand87
7Argentina71
8United States47
9Ukraine44
10Colombia35

Monday, November 8, 2010

Botnet Statistics [2010-11-07]

detection period: 2010-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 2782
number of botnet IPs notified to network operators: 2354
number of blocked spams: 450059
recipient count of blocked spams: 15035374

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1387
2BSNLNET94
3AR-TEAR7-LACNIC56
4000.065.376/0002-6535
5CAT-BB-NET34
6TRUENET25
7UNICOM-SD24
8002.558.134/0001-5823
9CHINANET-GD21
10076.535.764/0326-9021

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1403
2China236
3Brazil200
4India152
5Russian Federation122
6Thailand104
7Argentina96
8United States40
9Ukraine39
10Colombia31

Sunday, November 7, 2010

Botnet Statistics [2010-11-06]

detection period: 2010-11-06 00:00-23:59 UTC
total number of suspected botnet IPs: 3045
number of botnet IPs notified to network operators: 2592
number of blocked spams: 424488
recipient count of blocked spams: 14200845

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1404
2BSNLNET186
3AR-TEAR7-LACNIC78
4CAT-BB-NET37
5000.065.376/0002-6535
6002.558.134/0001-5832
7UNICOM-SD30
8TATACOMM-IN25
9RCOM25
10002.558.157/0001-6225

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1419
2India288
3China271
4Brazil230
5Russian Federation129
6Argentina121
7Thailand93
8United States42
9Ukraine41
10Colombia38

Saturday, November 6, 2010

Botnet Statistics [2010-11-05]

detection period: 2010-11-05 00:00-23:59 UTC
total number of suspected botnet IPs: 2703
number of botnet IPs notified to network operators: 2316
number of blocked spams: 225196
recipient count of blocked spams: 6585880

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1413
2BSNLNET57
3AR-TEAR7-LACNIC54
4002.558.134/0001-5839
5000.065.376/0002-6535
6CHINANET-ZJ-WZ29
7CAT-BB-NET29
8002.558.157/0001-6228
9033.530.486/0001-2924
10TRUENET23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1423
2Brazil239
3China235
4India115
5Russian Federation96
6Argentina94
7Thailand76
8Colombia40
9United States38
10Ukraine37

Friday, November 5, 2010

Botnet Statistics [2010-11-04]

detection period: 2010-11-04 00:00-23:59 UTC
total number of suspected botnet IPs: 1968
number of botnet IPs notified to network operators: 1746
number of blocked spams: 229075
recipient count of blocked spams: 6951935

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1375
2CHINANET-ZJ-WZ17
3003.420.926/0002-0516
4000.065.376/0002-6514
5CHINANET-GD12
6CHINANET-FJ11
7UNICOM-SD10
8KORNET-KR10
9033.530.486/0001-299
10002.558.157/0001-629

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1384
2China129
3Brazil92
4Russian Federation42
5United States34
6India22
7Indonesia19
8South Korea18
9Colombia18
10Thailand14

Thursday, November 4, 2010

Botnet Statistics [2010-11-03]

detection period: 2010-11-03 00:00-23:59 UTC
total number of suspected botnet IPs: 3150
number of botnet IPs notified to network operators: 2753
number of blocked spams: 306931
recipient count of blocked spams: 9543006

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1424
2BSNLNET419
3RCOM63
4TATACOMM-IN55
5AR-TEAR7-LACNIC32
6000.065.376/0002-6531
7CAT-BB-NET29
8HATHWAY-NET24
9003.420.926/0002-0524
10UNICOM-SD22

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1433
2India612
3China263
4Brazil173
5Russian Federation94
6Thailand72
7Argentina69
8Indonesia37
9United States35
10Colombia28

Wednesday, November 3, 2010

Botnet Statistics [2010-11-02]

detection period: 2010-11-02 00:00-23:59 UTC
total number of suspected botnet IPs: 3975
number of botnet IPs notified to network operators: 3392
number of blocked spams: 332668
recipient count of blocked spams: 10554495

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1428
2BSNLNET651
3RCOM93
4AR-TEAR7-LACNIC73
5TATACOMM-IN61
6CAT-BB-NET49
7HATHWAY-NET40
8UNICOM-SD38
9000.065.376/0002-6536
10CHINANET-GD35

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1438
2India921
3China389
4Brazil225
5Russian Federation152
6Thailand128
7Argentina125
8Ukraine48
9United States44
10Indonesia40

Tuesday, November 2, 2010

Botnet Statistics [2010-11-01]

detection period: 2010-11-01 00:00-23:59 UTC
total number of suspected botnet IPs: 3702
number of botnet IPs notified to network operators: 3141
number of blocked spams: 322848
recipient count of blocked spams: 10346545

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1337
2BSNLNET475
3AR-TEAR7-LACNIC88
4RCOM73
5002.558.134/0001-5865
6TATACOMM-IN61
7CAT-BB-NET42
8HATHWAY-NET39
9000.065.376/0002-6535
10TRUENET33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1352
2India732
3China346
4Brazil286
5Argentina149
6Russian Federation138
7Thailand123
8Ukraine48
9Indonesia45
10United States42

Monday, November 1, 2010

Botnet Statistics for October 2010

detection period: 2010-10-01 00:00 - 2010-10-31 23:59 UTC
total number of suspected botnet IPs: 45210
number of blocked spams: 12852722
recipient count of blocked spams: 422888928

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan17046
2India13469
3China3205
4Brazil2430
5Argentina1810
6Russian Federation1531
7Thailand1395
8Ukraine610
9Mexico371
10Uruguay339
11Ethiopia270
12United States256
13Belarus188
14Indonesia183
15South Korea167
16Germany148
17Chile146
18Colombia136
19Kazakhstan119
20Japan103
21Algeria86
22France70
23Italy68
24Hong Kong67
25Poland62

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China2103799
2Taiwan1686939
3Brazil1610881
4United States1327674
5Russian Federation713575
6India536008
7Colombia480263
8Thailand367951
9Indonesia267641
10South Korea205043
11France189044
12Italy188119
13Germany183637
14Poland173690
15Argentina155478
16Ukraine144311
17Iraq129850
18Philippines110608
19Czech Republic104275
20Australia103758
21Canada95906
22Mexico91376
23Hong Kong89559
24United Kingdom83852
25Peru83298

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2010-10-31]

detection period: 2010-10-31 00:00-23:59 UTC
total number of suspected botnet IPs: 2915
number of botnet IPs notified to network operators: 2425
number of blocked spams: 461402
recipient count of blocked spams: 15529237

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1406
2BSNLNET91
3AR-TEAR7-LACNIC66
4CAT-BB-NET37
5TRUENET31
6000.065.376/0002-6529
7002.558.134/0001-5828
8033.530.486/0001-2924
9RCOM20
10003.420.926/0002-0519

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1415
2China273
3Brazil190
4India165
5Russian Federation125
6Argentina116
7Thailand108
8United States50
9Ukraine44
10South Korea31