
Friday, December 31, 2010

Botnet Statistics [2010-12-30]

detection period: 2010-12-30 00:00-23:59 UTC
total number of suspected botnet IPs: 1839
number of botnet IPs notified to network operators: 1374
number of blocked spams: 189188
recipient count of blocked spams: 6141358

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 179
2 | HINET-NET | 157
3 | AR-TEAR7-LACNIC | 44
4 | RCOM | 42
5 | 000.065.376/0002-65 | 40
6 | TRUEBB-NET | 33
7 | TRUENET | 30
8 | 002.558.134/0001-58 | 29
9 | TATACOMM-IN | 23
10 | HATHWAY-NET | 21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 308
2 | China | 263
3 | Brazil | 200
4 | Taiwan | 164
5 | Russian Federation | 115
6 | Thailand | 109
7 | Argentina | 83
8 | United States | 54
9 | Ukraine | 50
10 | South Korea | 44

Thursday, December 30, 2010

Botnet Statistics [2010-12-29]

detection period: 2010-12-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1662
number of botnet IPs notified to network operators: 1234
number of blocked spams: 301453
recipient count of blocked spams: 10398196

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 182
2 | HINET-NET | 137
3 | RCOM | 36
4 | AR-TEAR7-LACNIC | 32
5 | TRUENET | 29
6 | 000.065.376/0002-65 | 27
7 | CAT-BB-NET | 25
8 | 002.558.134/0001-58 | 25
9 | CHINANET-ZJ-WZ | 23
10 | TATACOMM-IN | 20

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 295
2 | China | 242
3 | Brazil | 173
4 | Taiwan | 146
5 | Russian Federation | 111
6 | Thailand | 100
7 | Argentina | 54
8 | United States | 48
9 | Kazakhstan | 47
10 | South Korea | 43

Wednesday, December 29, 2010

Botnet Statistics [2010-12-28]

detection period: 2010-12-28 00:00-23:59 UTC
total number of suspected botnet IPs: 1719
number of botnet IPs notified to network operators: 1275
number of blocked spams: 338707
recipient count of blocked spams: 11668355

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 215
2 | HINET-NET | 122
3 | 000.065.376/0002-65 | 32
4 | RCOM | 29
5 | HATHWAY-NET | 26
6 | AR-TEAR7-LACNIC | 25
7 | TATACOMM-IN | 24
8 | KORNET-KR | 23
9 | CHINANET-JS | 23
10 | CHINANET-GD | 23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 332
2 | China | 276
3 | Brazil | 166
4 | Taiwan | 133
5 | Russian Federation | 104
6 | Thailand | 81
7 | Argentina | 52
8 | United States | 48
9 | South Korea | 47
10 | Kazakhstan | 39

Tuesday, December 28, 2010

Botnet Statistics [2010-12-27]

detection period: 2010-12-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1825
number of botnet IPs notified to network operators: 1379
number of blocked spams: 338812
recipient count of blocked spams: 11648076

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 209
2 | HINET-NET | 151
3 | RCOM | 43
4 | CAT-BB-NET | 35
5 | TATACOMM-IN | 30
6 | AR-TEAR7-LACNIC | 29
7 | KORNET-KR | 27
8 | 002.558.134/0001-58 | 25
9 | 000.065.376/0002-65 | 25
10 | TRUENET | 24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 341
2 | China | 280
3 | Brazil | 170
4 | Taiwan | 161
5 | Russian Federation | 113
6 | Thailand | 105
7 | Argentina | 61
8 | South Korea | 50
9 | Ukraine | 49
10 | United States | 45

Monday, December 27, 2010

Botnet Statistics [2010-12-26]

detection period: 2010-12-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1162
number of botnet IPs notified to network operators: 823
number of blocked spams: 336277
recipient count of blocked spams: 11602651

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 128
2 | KORNET-KR | 25
3 | AR-TEAR7-LACNIC | 19
4 | 000.065.376/0002-65 | 19
5 | UNICOM-SD | 16
6 | CHINANET-GD | 16
7 | CHINANET-ZJ-WZ | 15
8 | CHINANET-JS | 15
9 | 033.530.486/0001-29 | 12
10 | TRUENET | 11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 232
2 | Taiwan | 135
3 | Brazil | 93
4 | Russian Federation | 69
5 | Thailand | 53
6 | South Korea | 45
7 | United States | 41
8 | Argentina | 38
9 | India | 37
10 | Ukraine | 34

Sunday, December 26, 2010

Botnet Statistics [2010-12-25]

detection period: 2010-12-25 00:00-23:59 UTC
total number of suspected botnet IPs: 866
number of botnet IPs notified to network operators: 594
number of blocked spams: 257664
recipient count of blocked spams: 8618884

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 96
2 | KORNET-KR | 16
3 | CHINANET-ZJ-WZ | 14
4 | CHINANET-JS | 14
5 | CHINANET-GD | 14
6 | UNICOM-SD | 13
7 | CHINANET-FJ | 10
8 | CO-ACSA-LACNIC | 9
9 | AKIMPOD | 9
10 | 033.530.486/0001-29 | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 196
2 | Taiwan | 105
3 | Brazil | 66
4 | Russian Federation | 41
5 | United States | 40
6 | South Korea | 34
7 | Kazakhstan | 28
8 | India | 24
9 | Poland | 21
10 | Ukraine | 19

Saturday, December 25, 2010

Botnet Statistics [2010-12-24]

detection period: 2010-12-24 00:00-23:59 UTC
total number of suspected botnet IPs: 922
number of botnet IPs notified to network operators: 642
number of blocked spams: 326014
recipient count of blocked spams: 11156661

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 110
2 | KORNET-KR | 18
3 | CHINANET-GD | 16
4 | AKIMPOD | 15
5 | CHINANET-JS | 13
6 | 033.530.486/0001-29 | 13
7 | UNICOM-SD | 12
8 | 003.420.926/0002-05 | 10
9 | CO-ACSA-LACNIC | 9
10 | CHINANET-ZJ-WZ | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 187
2 | Taiwan | 119
3 | Brazil | 76
4 | Russian Federation | 53
5 | United States | 37
6 | Kazakhstan | 36
7 | South Korea | 35
8 | India | 26
9 | Colombia | 23
10 | Poland | 21

Friday, December 24, 2010

Botnet Statistics [2010-12-23]

detection period: 2010-12-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1007
number of botnet IPs notified to network operators: 714
number of blocked spams: 321749
recipient count of blocked spams: 11084589

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 105
2 | HINET-NET | 98
3 | CHINANET-ZJ-WZ | 17
4 | 033.530.486/0001-29 | 14
5 | CHINANET-JS | 13
6 | AKIMPOD | 13
7 | UNICOM-SD | 12
8 | KORNET-KR | 12
9 | 003.420.926/0002-05 | 11
10 | 002.558.134/0001-58 | 11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 271
2 | Taiwan | 110
3 | Brazil | 91
4 | Russian Federation | 52
5 | United States | 39
6 | Kazakhstan | 32
7 | South Korea | 26
8 | Indonesia | 24
9 | Poland | 23
10 | India | 23

Thursday, December 23, 2010

Botnet Statistics [2010-12-22]

detection period: 2010-12-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1261
number of botnet IPs notified to network operators: 978
number of blocked spams: 330681
recipient count of blocked spams: 11296187

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 357
2 | HINET-NET | 63
3 | CHINANET-ZJ-WZ | 27
4 | KORNET-KR | 17
5 | CHINANET-JS | 15
6 | 033.530.486/0001-29 | 14
7 | UNICOM-SD | 13
8 | 003.420.926/0002-05 | 13
9 | AKIMPOD | 11
10 | CO-ACSA-LACNIC | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 553
2 | Brazil | 92
3 | Taiwan | 74
4 | Russian Federation | 47
5 | United States | 43
6 | South Korea | 32
7 | Kazakhstan | 27
8 | India | 25
9 | Poland | 23
10 | Ukraine | 21

Wednesday, December 22, 2010

Botnet Statistics [2010-12-21]

detection period: 2010-12-21 00:00-23:59 UTC
total number of suspected botnet IPs: 1103
number of botnet IPs notified to network operators: 831
number of blocked spams: 330170
recipient count of blocked spams: 11275416

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 276
2 | KORNET-KR | 16
3 | CHINANET-ZJ-WZ | 15
4 | 033.530.486/0001-29 | 15
5 | CHINANET-JS | 13
6 | UNICOM-SD | 12
7 | 003.420.926/0002-05 | 12
8 | AKIMPOD | 11
9 | 000.065.376/0002-65 | 11
10 | CO-ACSA-LACNIC | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 442
2 | Brazil | 97
3 | Russian Federation | 56
4 | United States | 40
5 | South Korea | 35
6 | Poland | 27
7 | Kazakhstan | 26
8 | Colombia | 23
9 | India | 22
10 | Ukraine | 21

Tuesday, December 21, 2010

Botnet Statistics [2010-12-20]

detection period: 2010-12-20 00:00-23:59 UTC
total number of suspected botnet IPs: 1015
number of botnet IPs notified to network operators: 725
number of blocked spams: 326418
recipient count of blocked spams: 11134893

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 189
2 | KORNET-KR | 18
3 | CHINANET-ZJ-WZ | 15
4 | CHINANET-JS | 15
5 | 033.530.486/0001-29 | 14
6 | UNICOM-SD | 13
7 | 003.420.926/0002-05 | 12
8 | AKIMPOD | 11
9 | 000.065.376/0002-65 | 9
10 | CO-ACSA-LACNIC | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 356
2 | Brazil | 86
3 | Russian Federation | 59
4 | United States | 45
5 | South Korea | 34
6 | Poland | 26
7 | India | 25
8 | Kazakhstan | 23
9 | Ukraine | 22
10 | Colombia | 22

Monday, December 20, 2010

Botnet Statistics [2010-12-19]

detection period: 2010-12-19 00:00-23:59 UTC
total number of suspected botnet IPs: 1524
number of botnet IPs notified to network operators: 1254
number of blocked spams: 267674
recipient count of blocked spams: 8567762

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 736
2 | CHINANET-ZJ-WZ | 22
3 | KORNET-KR | 14
4 | UNICOM-SD | 13
5 | 033.530.486/0001-29 | 13
6 | 003.420.926/0002-05 | 11
7 | CHINANET-JS | 9
8 | AKIMPOD | 9
9 | 000.065.376/0002-65 | 9
10 | CO-ACSA-LACNIC | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 911
2 | Brazil | 78
3 | Russian Federation | 52
4 | United States | 39
5 | South Korea | 31
6 | Poland | 25
7 | Thailand | 22
8 | India | 22
9 | Ukraine | 21
10 | Kazakhstan | 20

Sunday, December 19, 2010

Botnet Statistics [2010-12-18]

detection period: 2010-12-18 00:00-23:59 UTC
total number of suspected botnet IPs: 1582
number of botnet IPs notified to network operators: 1314
number of blocked spams: 279726
recipient count of blocked spams: 8824478

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 765
2 | KORNET-KR | 18
3 | 033.530.486/0001-29 | 16
4 | CHINANET-ZJ-WZ | 15
5 | UNICOM-SD | 14
6 | CHINANET-JS | 12
7 | AKIMPOD | 11
8 | 003.420.926/0002-05 | 10
9 | RCOM | 9
10 | CO-ACSA-LACNIC | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 933
2 | Brazil | 86
3 | Russian Federation | 55
4 | United States | 40
5 | South Korea | 36
6 | India | 29
7 | Poland | 24
8 | Kazakhstan | 24
9 | Ukraine | 22
10 | Colombia | 21

Saturday, December 18, 2010

Botnet Statistics [2010-12-17]

Taiwan, where I live, had stayed on my list of top 10 botnet countries for a long time. It does not feel good for me to see my home country so high on the list. Though I detected many bots in Taiwan, which showed how effective my detection was, I really wished that Taiwan could make some progress in the war against botnets. So I am gladly surprised that Taiwan has recently dropped out of the top 10. The number of bots detected in Taiwan daily has also fallen from more than 1000 to fewer than 100 now. Great!

detection period: 2010-12-17 00:00-23:59 UTC
total number of suspected botnet IPs: 998
number of botnet IPs notified to network operators: 718
number of blocked spams: 334267
recipient count of blocked spams: 11460845

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 184
2 | KORNET-KR | 17
3 | CHINANET-ZJ-WZ | 16
4 | 033.530.486/0001-29 | 15
5 | UNICOM-SD | 14
6 | CHINANET-JS | 11
7 | 003.420.926/0002-05 | 11
8 | AKIMPOD | 10
9 | CO-ACSA-LACNIC | 9
10 | 002.558.157/0001-62 | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 342
2 | Brazil | 89
3 | Russian Federation | 60
4 | South Korea | 41
5 | United States | 39
6 | Colombia | 24
7 | Ukraine | 23
8 | Poland | 23
9 | Kazakhstan | 23
10 | France | 21

Friday, December 17, 2010

Botnet Statistics [2010-12-16]

detection period: 2010-12-16 00:00-23:59 UTC
total number of suspected botnet IPs: 1026
number of botnet IPs notified to network operators: 732
number of blocked spams: 330442
recipient count of blocked spams: 11278179

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 227
2 | UNICOM-SD | 16
3 | CHINANET-ZJ-WZ | 16
4 | KORNET-KR | 15
5 | 033.530.486/0001-29 | 15
6 | CHINANET-JS | 12
7 | 003.420.926/0002-05 | 12
8 | CO-ACSA-LACNIC | 9
9 | AKIMPOD | 8
10 | RCOM | 7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 383
2 | Brazil | 79
3 | Russian Federation | 69
4 | United States | 45
5 | South Korea | 34
6 | India | 27
7 | Colombia | 24
8 | Poland | 22
9 | France | 21
10 | Ukraine | 20

Thursday, December 16, 2010

Botnet Statistics [2010-12-15]

detection period: 2010-12-15 00:00-23:59 UTC
total number of suspected botnet IPs: 935
number of botnet IPs notified to network operators: 642
number of blocked spams: 329418
recipient count of blocked spams: 11079869

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 120
2 | CHINANET-ZJ-WZ | 24
3 | 033.530.486/0001-29 | 16
4 | UNICOM-SD | 15
5 | KORNET-KR | 15
6 | CHINANET-GD | 12
7 | CO-ACSA-LACNIC | 10
8 | CHINANET-JS | 10
9 | 003.420.926/0002-05 | 10
10 | CHINANET-ZJ | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 178
2 | Taiwan | 132
3 | Brazil | 78
4 | Russian Federation | 62
5 | United States | 50
6 | South Korea | 29
7 | India | 26
8 | Colombia | 26
9 | Poland | 24
10 | Ukraine | 21

Wednesday, December 15, 2010

Botnet Statistics [2010-12-14]

detection period: 2010-12-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1067
number of botnet IPs notified to network operators: 764
number of blocked spams: 325826
recipient count of blocked spams: 11145771

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 233
2 | KORNET-KR | 18
3 | 033.530.486/0001-29 | 17
4 | UNICOM-SD | 15
5 | CHINANET-ZJ-WZ | 12
6 | CHINANET-GD | 12
7 | CHINANET-JS | 11
8 | 003.420.926/0002-05 | 11
9 | 002.558.157/0001-62 | 11
10 | CO-ACSA-LACNIC | 10

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 242
2 | China | 174
3 | Brazil | 85
4 | Russian Federation | 59
5 | United States | 45
6 | India | 30
7 | South Korea | 29
8 | Ukraine | 26
9 | Colombia | 26
10 | Indonesia | 25

Tuesday, December 14, 2010

Botnet Statistics [2010-12-13]

detection period: 2010-12-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1382
number of botnet IPs notified to network operators: 1054
number of blocked spams: 292960
recipient count of blocked spams: 9493034

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 455
2 | CHINANET-ZJ-WZ | 22
3 | 033.530.486/0001-29 | 18
4 | KORNET-KR | 16
5 | 002.558.157/0001-62 | 15
6 | UNICOM-SD | 14
7 | CHINANET-GD | 14
8 | CHINANET-JS | 13
9 | 003.420.926/0002-05 | 12
10 | CHINANET-ZJ | 11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 469
2 | China | 211
3 | Brazil | 103
4 | Russian Federation | 66
5 | United States | 49
6 | India | 35
7 | South Korea | 30
8 | Ukraine | 26
9 | Colombia | 25
10 | Poland | 24

Monday, December 13, 2010

Botnet Statistics [2010-12-12]

detection period: 2010-12-12 00:00-23:59 UTC
total number of suspected botnet IPs: 1325
number of botnet IPs notified to network operators: 1019
number of blocked spams: 424114
recipient count of blocked spams: 9819166

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 458
2 | KORNET-KR | 18
3 | CHINANET-JS | 17
4 | 033.530.486/0001-29 | 17
5 | CHINANET-ZJ-WZ | 16
6 | UNICOM-SD | 14
7 | CHINANET-GD | 13
8 | CHINANET-FJ | 13
9 | CO-ACSA-LACNIC | 10
10 | 003.420.926/0002-05 | 10

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 468
2 | China | 206
3 | Brazil | 84
4 | Russian Federation | 65
5 | United States | 47
6 | South Korea | 30
7 | Poland | 27
8 | India | 27
9 | Colombia | 24
10 | Ukraine | 21

Sunday, December 12, 2010

Botnet Statistics [2010-12-11]

A week ago, on December 4, I still detected more than 5000 bots. This week I detected far fewer bots, sometimes dropping below 1000 per day. But the weekly bot count graph in Shadowserver disagrees with my statistics. Its bot count increased from around 20K to just below 80K, almost quadrupling in the past week. Considering the recent Wikileaks controversy, and the fact that I can only detect spam-sending bots, I guess a large portion of those new bots are used for DDoS attacks.

detection period: 2010-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1303
number of botnet IPs notified to network operators: 989
number of blocked spams: 344381
recipient count of blocked spams: 8365799

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 429
2 | KORNET-KR | 19
3 | 033.530.486/0001-29 | 17
4 | UNICOM-SD | 16
5 | CHINANET-ZJ-WZ | 15
6 | CHINANET-JS | 14
7 | CHINANET-FJ | 14
8 | CHINANET-GD | 13
9 | 002.558.157/0001-62 | 12
10 | CO-ACSA-LACNIC | 10

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 440
2 | China | 204
3 | Brazil | 87
4 | Russian Federation | 71
5 | United States | 41
6 | India | 41
7 | South Korea | 35
8 | Poland | 29
9 | Colombia | 26
10 | Ukraine | 25

Saturday, December 11, 2010

Botnet Statistics [2010-12-10]

detection period: 2010-12-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1300
number of botnet IPs notified to network operators: 1014
number of blocked spams: 246624
recipient count of blocked spams: 8033387

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 484
2 | CHINANET-ZJ-WZ | 40
3 | KORNET-KR | 19
4 | 033.530.486/0001-29 | 16
5 | 002.558.157/0001-62 | 16
6 | CHINANET-GD | 15
7 | UNICOM-SD | 14
8 | CHINANET-FJ | 12
9 | CHINANET-JS | 11
10 | CO-ACSA-LACNIC | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 497
2 | China | 207
3 | Brazil | 80
4 | Russian Federation | 57
5 | United States | 42
6 | India | 38
7 | South Korea | 31
8 | Colombia | 26
9 | Poland | 24
10 | Ukraine | 23

Friday, December 10, 2010

Botnet Statistics [2010-12-09]

detection period: 2010-12-09 00:00-23:59 UTC
total number of suspected botnet IPs: 1060
number of botnet IPs notified to network operators: 796
number of blocked spams: 303095
recipient count of blocked spams: 10279527

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 312
2 | CHINANET-ZJ-WZ | 17
3 | KORNET-KR | 15
4 | 033.530.486/0001-29 | 15
5 | 002.558.157/0001-62 | 15
6 | UNICOM-SD | 13
7 | CHINANET-JS | 13
8 | CHINANET-GD | 13
9 | CHINANET-FJ | 10
10 | CO-ACSA-LACNIC | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 326
2 | China | 178
3 | Brazil | 75
4 | Russian Federation | 50
5 | United States | 44
6 | India | 32
7 | Colombia | 27
8 | South Korea | 25
9 | Poland | 24
10 | Indonesia | 22

Thursday, December 9, 2010

Botnet Statistics [2010-12-08]

detection period: 2010-12-08 00:00-23:59 UTC
total number of suspected botnet IPs: 1038
number of botnet IPs notified to network operators: 796
number of blocked spams: 205843
recipient count of blocked spams: 6861150

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 394
2 | CHINANET-ZJ-WZ | 17
3 | 033.530.486/0001-29 | 14
4 | UNICOM-SD | 13
5 | CHINANET-JS | 12
6 | 003.420.926/0002-05 | 11
7 | KORNET-KR | 9
8 | CO-ACSA-LACNIC | 9
9 | 002.558.157/0001-62 | 9
10 | TRUENET | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 405
2 | China | 149
3 | Brazil | 67
4 | Russian Federation | 46
5 | United States | 35
6 | India | 35
7 | Colombia | 23
8 | Thailand | 20
9 | South Korea | 19
10 | Indonesia | 19

Wednesday, December 8, 2010

Botnet Statistics [2010-12-07]

detection period: 2010-12-07 00:00-23:59 UTC
total number of suspected botnet IPs: 837
number of botnet IPs notified to network operators: 565
number of blocked spams: 261754
recipient count of blocked spams: 8807849

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 136
2 | CHINANET-ZJ-WZ | 18
3 | 033.530.486/0001-29 | 16
4 | CHINANET-JS | 15
5 | UNICOM-SD | 12
6 | 003.420.926/0002-05 | 11
7 | KORNET-KR | 10
8 | CHINANET-GD | 10
9 | 002.558.157/0001-62 | 10
10 | CO-ACSA-LACNIC | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 155
2 | Taiwan | 148
3 | Brazil | 77
4 | Russian Federation | 52
5 | United States | 41
6 | Colombia | 27
7 | India | 25
8 | South Korea | 22
9 | Poland | 20
10 | Ukraine | 17

Tuesday, December 7, 2010

Botnet Statistics [2010-12-06]

detection period: 2010-12-06 00:00-23:59 UTC
total number of suspected botnet IPs: 1183
number of botnet IPs notified to network operators: 904
number of blocked spams: 321289
recipient count of blocked spams: 11029497

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 459
2 | KORNET-KR | 14
3 | UNICOM-SD | 13
4 | 033.530.486/0001-29 | 13
5 | CHINANET-ZJ-WZ | 11
6 | CHINANET-JS | 11
7 | 003.420.926/0002-05 | 11
8 | CHINANET-GD | 10
9 | 000.065.376/0002-65 | 10
10 | CO-ACSA-LACNIC | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 470
2 | China | 159
3 | Brazil | 79
4 | Russian Federation | 63
5 | United States | 43
6 | Colombia | 29
7 | India | 28
8 | South Korea | 26
9 | Indonesia | 22
10 | Poland | 21

Monday, December 6, 2010

Botnet Statistics [2010-12-05]

detection period: 2010-12-05 00:00-23:59 UTC
total number of suspected botnet IPs: 1821
number of botnet IPs notified to network operators: 1456
number of blocked spams: 263606
recipient count of blocked spams: 8879125

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 514
2 | CHINANET-GD | 95
3 | BSNLNET | 40
4 | AR-TEAR7-LACNIC | 38
5 | KORNET-KR | 23
6 | TRUENET | 22
7 | 000.065.376/0002-65 | 22
8 | TRUEBB-NET | 18
9 | RCOM | 18
10 | UNICOM-SD | 17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 529
2 | China | 311
3 | Brazil | 144
4 | Russian Federation | 88
5 | Argentina | 86
6 | India | 85
7 | Thailand | 65
8 | United States | 47
9 | South Korea | 44
10 | Ukraine | 43

Sunday, December 5, 2010

Botnet Statistics [2010-12-04]

detection period: 2010-12-04 00:00-23:59 UTC
total number of suspected botnet IPs: 5208
number of botnet IPs notified to network operators: 4441
number of blocked spams: 286454
recipient count of blocked spams: 9322186

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 1352
2 | CHINANET-GD | 751
3 | HINET-NET | 548
4 | RCOM | 174
5 | TATACOMM-IN | 160
6 | AR-TEAR7-LACNIC | 111
7 | HATHWAY-NET | 88
8 | UKRTELNET | 74
9 | ALLIANCEBROADBAND | 53
10 | TRUENET | 51

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 1921
2 | China | 1073
3 | Taiwan | 567
4 | Brazil | 270
5 | Russian Federation | 234
6 | Argentina | 171
7 | Thailand | 151
8 | Ukraine | 127
9 | South Korea | 60
10 | Kazakhstan | 59

Saturday, December 4, 2010

DDoS attacks make Wikileaks a great botnet detection system

News about Wikileaks has been flooding the media recently. Due to its controversy, Wikileaks has been under several DDoS attacks for the past week. The data volume from the biggest attack is said to be higher than 10Gbps.

This specific event looks to me like a perfect chance for botnet detection. All the botnet detection systems employing passive approaches, like the "follow the spam" strategy I currently use, face the same problem, which is "how to attract botnets to contact the system?" Wikileaks does a great job without much effort in this regard (that is, attracting botnets).

Now if Wikileaks already has in place some capable web server and reverse proxy, like lighttpd, nginx or varnish, a few scripts running on their log files will quickly produce a list of suspected zombie computers. Notifying those unsuspecting victims of what happened will help fight botnets tremendously.
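A sketch of the kind of log-file script the paragraph above has in mind, added here as an illustration and not taken from the original post: it reads access-log lines in the "combined" format and lists source IPs whose request rate exceeds a threshold within a sliding window. The log format, the window and threshold values, and the sample lines (documentation-range addresses) are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# "Combined" access-log layout (assumption: adjust the pattern if the
# server writes a custom log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) for a well-formed line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None
    return m.group("ip"), ts


def suspected_flood_sources(lines, window_seconds=10, max_requests=20):
    """Map each flagged IP to its peak request count in one sliding window.

    An IP is flagged when it sends more than max_requests requests within
    window_seconds. Both values are illustrative and need tuning against
    normal traffic; lines are expected in chronological order per IP.
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed or truncated lines
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}


def report(suspects):
    """Sort flagged IPs by peak rate, highest first, for operator notification."""
    return sorted(suspects.items(), key=lambda item: item[1], reverse=True)


def build_sample_log():
    """Constructed sample input: one flooding source, one steady client, one visitor."""
    lines = []
    for i in range(30):  # 30 identical requests within 3 seconds
        lines.append(
            f'203.0.113.7 - - [04/Dec/2010:10:00:{i // 10:02d} +0000] '
            '"GET / HTTP/1.1" 200 512 "-" "-"'
        )
    for i in range(25):  # steady 1 request per second: high total, low rate
        lines.append(
            f'192.0.2.44 - - [04/Dec/2010:10:05:{i:02d} +0000] '
            '"GET /feed HTTP/1.1" 200 900 "-" "poller"'
        )
    for i in range(5):  # ordinary visitor, one page per minute
        lines.append(
            f'198.51.100.20 - - [04/Dec/2010:10:{i:02d}:00 +0000] '
            f'"GET /page{i} HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
        )
    lines.append("truncated line without the expected fields")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for ip, peak_count in report(suspected_flood_sources(SAMPLE_LOG)):
        print(f"{ip}\tpeak {peak_count} requests per 10 s window")
```

Rate alone also flags shared proxies and aggressive crawlers, so the resulting list is a set of suspects to review before any operator is notified.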

Botnet Statistics [2010-12-03]

detection period: 2010-12-03 00:00-23:59 UTC
total number of suspected botnet IPs: 5295
number of botnet IPs notified to network operators: 4478
number of blocked spams: 285107
recipient count of blocked spams: 9212247

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 1206
2 | CHINANET-GD | 904
3 | HINET-NET | 489
4 | RCOM | 163
5 | TATACOMM-IN | 148
6 | AR-TEAR7-LACNIC | 104
7 | HATHWAY-NET | 103
8 | UKRTELNET | 76
9 | 002.558.134/0001-58 | 62
10 | 000.065.376/0002-65 | 57

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 1777
2 | China | 1248
3 | Taiwan | 507
4 | Brazil | 355
5 | Russian Federation | 254
6 | Argentina | 176
7 | Thailand | 144
8 | Ukraine | 123
9 | South Korea | 61
10 | Kazakhstan | 50

Friday, December 3, 2010

Botnet Statistics [2010-12-02]

detection period: 2010-12-02 00:00-23:59 UTC
total number of suspected botnet IPs: 4158
number of botnet IPs notified to network operators: 3527
number of blocked spams: 178751
recipient count of blocked spams: 4835427

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 827
2 | HINET-NET | 549
3 | CHINANET-GD | 329
4 | RCOM | 174
5 | AR-TEAR7-LACNIC | 92
6 | TATACOMM-IN | 78
7 | HATHWAY-NET | 74
8 | UKRTELNET | 65
9 | 000.065.376/0002-65 | 51
10 | TRUENET | 47

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 1295
2 | China | 639
3 | Taiwan | 567
4 | Brazil | 331
5 | Russian Federation | 253
6 | Argentina | 153
7 | Thailand | 144
8 | Ukraine | 110
9 | Kazakhstan | 55
10 | South Korea | 54

Thursday, December 2, 2010

Botnet Statistics [2010-12-01]

detection period: 2010-12-01 00:00-23:59 UTC
total number of suspected botnet IPs: 2764
number of botnet IPs notified to network operators: 1627
number of blocked spams: 296214
recipient count of blocked spams: 9520499

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 485
2 | BSNLNET | 417
3 | RCOM | 86
4 | AR-TEAR7-LACNIC | 70
5 | TATACOMM-IN | 53
6 | 000.065.376/0002-65 | 49
7 | UKRTELNET | 44
8 | HATHWAY-NET | 41
9 | 002.558.134/0001-58 | 36
10 | CAT-BB-NET | 31

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 658
2 | Taiwan | 504
3 | China | 301
4 | Brazil | 249
5 | Russian Federation | 163
6 | Argentina | 122
7 | Thailand | 98
8 | Ukraine | 76
9 | South Korea | 50
10 | United States | 47

Wednesday, December 1, 2010

Botnet Statistics for November 2010

detection period: 2010-11-01 00:00 - 2010-11-30 23:59 UTC
total number of suspected botnet IPs: 40754
number of blocked spams: 10491156
recipient count of blocked spams: 347545981

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 16984
2 | India | 9719
3 | China | 3672
4 | Brazil | 1882
5 | Thailand | 1784
6 | Russian Federation | 1528
7 | Argentina | 1373
8 | Ukraine | 698
9 | United States | 272
10 | Belarus | 249
11 | Uruguay | 246
12 | Kazakhstan | 198
13 | South Korea | 171
14 | Ethiopia | 165
15 | Mexico | 145
16 | Indonesia | 145
17 | Germany | 134
18 | Colombia | 114
19 | Chile | 112
20 | Algeria | 76
21 | Hong Kong | 61
22 | Bulgaria | 61
23 | Poland | 59
24 | Italy | 56
25 | Iran | 54

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank | Country | # of blocked spams
1 | China | 2121950
2 | Brazil | 1302625
3 | Taiwan | 1160342
4 | United States | 722775
5 | Russian Federation | 646022
6 | India | 374273
7 | Colombia | 328955
8 | Thailand | 245807
9 | Germany | 210781
10 | South Korea | 206726
11 | Argentina | 177956
12 | Ukraine | 172465
13 | France | 169121
14 | Indonesia | 164513
15 | Poland | 162099
16 | Italy | 156307
17 | Mexico | 116290
18 | Philippines | 96926
19 | Turkey | 82025
20 | Saudi Arabia | 81639
21 | Iran | 80066
22 | Viet Nam | 79188
23 | United Kingdom | 76462
24 | Czech Republic | 76423
25 | Venezuela | 73585

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2010-11-30]

detection period: 2010-11-30 00:00-23:59 UTC
total number of suspected botnet IPs: 2303
number of botnet IPs notified to network operators: 1890
number of blocked spams: 330365
recipient count of blocked spams: 11370535

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 427
2 | BSNLNET | 307
3 | RCOM | 63
4 | AR-TEAR7-LACNIC | 57
5 | TATACOMM-IN | 39
6 | 000.065.376/0002-65 | 35
7 | 002.558.134/0001-58 | 28
8 | KORNET-KR | 27
9 | HATHWAY-NET | 25
10 | CAT-BB-NET | 24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 495
2 | Taiwan | 442
3 | China | 270
4 | Brazil | 211
5 | Russian Federation | 126
6 | Argentina | 98
7 | Thailand | 77
8 | United States | 67
9 | Ukraine | 51
10 | South Korea | 48